Red Hat Bugzilla – Bug 357731
CVE-2007-5710 wordpress XSS issue
Last modified: 2007-11-30 17:12:20 EST
Another possible XSS issue was reported for wordpress:
A vulnerability has been identified in WordPress, which could be exploited by
attackers to execute arbitrary scripting code. This issue is caused by an input
validation error in the "wp-admin/edit-post-rows.php" script when processing the
"posts_columns" parameter, which could be exploited by attackers to cause
arbitrary scripting code to be executed by the user's browser in the security
context of an affected Web site.
Upstream patch (seems to prevent direct access to affected file):
This issue only seems to affect WordPress 2.3, which is only in devel/f9 now.
Older versions in f7 and f8 do not seem to contain the affected file. Moreover,
exploitation requires register_globals to be enabled, which is not a recommended
setup (for years now) nor our default PHP configuration.
Fixed and built in devel and EL-5 branch.
Needs to be built for FC-6, F-7, and F-8 as well
Never mind. Note to self: read.
CVE id CVE-2007-5710 was assigned to this.
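
The comments above say that exploitation depends on register_globals and that the upstream patch seems to prevent direct access to the affected file. The PHP sketch below is an added illustration of that pattern and is not WordPress code or the upstream patch: only `register_globals` and `posts_columns` come from the report, all other names (`APP_LOADED`, `rows_before`, `rows_after`, `direct_request_scope`) are hypothetical, and register_globals (removed in PHP 5.4) is simulated with `extract()`.

```php
<?php
// Added illustration, not WordPress code. Only register_globals and
// posts_columns come from the report; all other names are hypothetical.

// With register_globals=On, request parameters become variables in the
// script a client requests directly; with Off they do not.
function direct_request_scope(array $query, bool $registerGlobals): array {
    return $registerGlobals ? $query : [];
}

// "Before": include-only template that trusts a variable its includer sets.
function rows_before(array $scope): string {
    extract($scope);
    $out = '';
    foreach (($posts_columns ?? []) as $label) {
        $out .= "<th>$label</th>";          // printed without escaping
    }
    return $out;
}

// "After": a constant guard (request data cannot define constants) plus
// output escaping as a second layer.
function rows_after(array $scope): string {
    if (!defined('APP_LOADED')) {
        return '';                          // requested directly: render nothing
    }
    extract($scope);
    $out = '';
    foreach (($posts_columns ?? []) as $label) {
        $out .= '<th>' . htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8') . '</th>';
    }
    return $out;
}

// Constructed input: a harmless markup string plus an attempt to spoof the guard.
$query = ['posts_columns' => ['<i>constructed</i>'], 'APP_LOADED' => '1'];

echo "before, globals on : ", rows_before(direct_request_scope($query, true)), "\n";
echo "before, globals off: ", rows_before(direct_request_scope($query, false)), "\n";
echo "after,  globals on : ", rows_after(direct_request_scope($query, true)), "\n";

define('APP_LOADED', true);                 // what the including page would do
echo "after,  via loader : ", rows_after(['posts_columns' => ['Title', '<i>x</i>']]), "\n";
```

The guard is a constant rather than a variable because a request parameter named `APP_LOADED` only creates a variable and leaves `defined('APP_LOADED')` false.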