WordPress link-categories.php cat_id Variable XSS

2004-12-16T22:46:56
ID OSVDB:12619
Type osvdb
Reporter Thomas Waldegger (bugtraq@morph3us.org)
Modified 2004-12-16T22:46:56

Description

Vulnerability Description

WordPress contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the 'cat_id' parameter is neither validated nor encoded before the 'wp-admin/link-categories.php' script echoes it back into the page. An attacker could craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser in the context of the WordPress site, leading to a loss of integrity. Because the script is part of the administration interface, the realistic victim is a logged-in WordPress user with access to link categories, and the injected script runs in that user's authenticated session.

Solution Description

Upgrade to WordPress 1.2.2 or later, which has been reported to fix this vulnerability. No workaround is known, so an upgrade is required.

Short Description

WordPress does not validate or encode the 'cat_id' parameter of 'wp-admin/link-categories.php', allowing a reflected cross-site scripting attack via a crafted URL. Reported fixed in 1.2.2.

Manual Testing Notes

http://[victim]/wp-admin/link-categories.php?cat_id=[XSS]&action=Edit

[XSS] is the URL-encoded script payload. The script lives under wp-admin/, so the request has to be made by a logged-in WordPress user (for example by luring an administrator to the link); a successful test shows the payload reflected into the page without HTML encoding.
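
As an added example (not the reporter's proof of concept and not WordPress code), the following Python turns the manual test URL above into a repeatable check: it builds the probe request with a unique canary payload and classifies whether the response reflects the canary raw, encoded, or not at all. The markup produced by render_edit_form() is a constructed stand-in for the real page, used to show the unsafe echo beside two fixes (HTML-encoding the value, or accepting only an integer id); the base URL, cookie handling, and all function names are assumptions.

```python
# Reflection probe for the cat_id parameter of wp-admin/link-categories.php.
# Added example for this advisory; not WordPress code or the reporter's PoC.
# render_edit_form() uses constructed markup, not the real page's HTML.
import html
import secrets
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TARGET_PATH = "wp-admin/link-categories.php"  # path from the manual testing note


def probe_payload(canary: str) -> str:
    """Payload that closes a quoted attribute and opens a tag named after the canary.
    A random canary lets us search the response without matching unrelated markup."""
    return '"><' + canary + '>'


def build_probe_url(base_url: str, canary: str) -> str:
    """The advisory's test URL with the canary payload URL-encoded into cat_id."""
    query = urlencode({"cat_id": probe_payload(canary), "action": "Edit"})
    return base_url.rstrip("/") + "/" + TARGET_PATH + "?" + query


def classify_reflection(body: str, canary: str) -> str:
    """'unescaped'   - the raw <canary> tag came back: the page is vulnerable.
       'neutralized' - the canary is present but its brackets were encoded or stripped.
       'absent'      - the value was not reflected at all (e.g. rejected as non-numeric)."""
    if "<" + canary + ">" in body:
        return "unescaped"
    if canary in body:
        return "neutralized"
    return "absent"


def render_edit_form(cat_id: str, mode: str) -> str:
    """Constructed stand-in for the category edit form (assumed markup).
    mode='raw'    echoes the parameter straight into an attribute (the flaw).
    mode='escape' HTML-encodes it before output.
    mode='int'    accepts only an integer id, which is all a category id should be."""
    if mode == "int":
        try:
            value = str(int(cat_id))
        except ValueError:
            return "<p>Invalid category id.</p>"
    elif mode == "escape":
        value = html.escape(cat_id, quote=True)
    elif mode == "raw":
        value = cat_id
    else:
        raise ValueError("unknown mode: " + mode)
    return ('<form method="post">'
            '<input type="hidden" name="cat_id" value="' + value + '">'
            '</form>')


def probe(base_url: str, cookie: str, canary: str, timeout: float = 10.0) -> str:
    """Fetch the probe URL as a logged-in user (the script is under wp-admin/, so a
    valid session cookie is assumed) and classify the reflection. Network call;
    the offline demo below does not use it."""
    req = Request(build_probe_url(base_url, canary), headers={"Cookie": cookie})
    with urlopen(req, timeout=timeout) as resp:
        return classify_reflection(resp.read().decode("utf-8", "replace"), canary)


if __name__ == "__main__":
    canary = "xss" + secrets.token_hex(4)
    print("probe URL:", build_probe_url("http://example.test", canary))
    for mode in ("raw", "escape", "int"):
        page = render_edit_form(probe_payload(canary), mode)  # constructed response
        print(f"{mode:7s} -> {classify_reflection(page, canary)}")
```

Against a live target, pass an authenticated session cookie to probe(); a result of "unescaped" reproduces the advisory, while "neutralized" or "absent" is what a patched or input-validating page returns.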

References:

Vendor URL: http://wordpress.org/
Security Tracker: 1011440
Related OSVDB ID: 12617
Related OSVDB ID: 12618
Related OSVDB ID: 12620
Related OSVDB ID: 12621
Related OSVDB ID: 12622
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0194.html
ISS X-Force ID: 18538
Bugtraq ID: 11984