Bug 357731 (CVE-2007-5710)

Summary: CVE-2007-5710 wordpress XSS issue
Product: [Fedora] Fedora Reporter: Tomas Hoger <thoger>
Component: wordpressAssignee: John Berninger <john>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: adrian
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: source=gentoo,reported=20071030,public=20071027,impact=low
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-30 13:16:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2007-10-30 08:41:26 UTC 
Another possible XSS issue was reported for wordpress:

  http://www.frsirt.com/english/advisories/2007/3640

A vulnerability has been identified in WordPress, which could be exploited by
attackers to execute arbitrary scripting code. This issue is caused by an input
validation error in the "wp-admin/edit-post-rows.php" script when processing the
"posts_columns" parameter, which could be exploited by attackers to cause
arbitrary scripting code to be executed by the user's browser in the security
context of an affected Web site.

Original advisory:
  http://www.waraxe.us/advisory-59.html

Upstream advisory:
  http://wordpress.org/development/2007/10/wordpress-231/

Upstream patch (seems to prevent direct access to affected file):
  http://trac.wordpress.org/changeset/6258

This issue only seems to affect wordpress 2.3, which is only in devel/f9 now. 
Older versions in f7 and f8 do not seem to contain affected file.  Moreover,
exploitation requires register_globals to be enabled, which is not recommended
setup (for years now) nor out default php configuration.
Comment 1 Adrian Reber 2007-10-30 09:10:19 UTC 
Fixed and built in devel and EL-5 branch.
Comment 2 John Berninger 2007-10-30 13:15:41 UTC 
Needs to be built for FC-6, F-7, and F-8 as well
Comment 3 John Berninger 2007-10-30 13:16:40 UTC 
Nevermind.  Note to self: read.
Comment 4 Tomas Hoger 2007-10-31 08:12:04 UTC 
CVE id CVE-2007-5710 was assigned to this.