wordpress -- cross-site scripting

ID A467D0F9-8875-11DC-B3BA-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2007-10-29T00:00:00


A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.