wordpress -- multiple vulnerabilities

2005-04-12T00:00:00
ID A4955B32-ED84-11D9-8310-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-04-12T00:00:00

Description

A Gentoo Linux Security Advisory reports:

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.