Another possible XSS issue was reported for WordPress:

http://www.frsirt.com/english/advisories/2007/3640

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error in the "wp-admin/edit-post-rows.php" script when processing the "posts_columns" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Original advisory: http://www.waraxe.us/advisory-59.html

Upstream advisory: http://wordpress.org/development/2007/10/wordpress-231/

Upstream patch (seems to prevent direct access to the affected file): http://trac.wordpress.org/changeset/6258

This issue only seems to affect WordPress 2.3, which is only in devel/f9 now. Older versions in f7 and f8 do not seem to contain the affected file. Moreover, exploitation requires register_globals to be enabled, which is not a recommended setup (for years now) nor our default PHP configuration.
Fixed and built in devel and EL-5 branch.
Needs to be built for FC-6, F-7, and F-8 as well
Never mind. Note to self: read.
CVE id CVE-2007-5710 was assigned to this.