WordPress <= v2.1.0

2007-03-05T00:00:00
ID SECURITYVULNS:DOC:16260
Type securityvulns
Reporter Securityvulns
Modified 2007-03-05T00:00:00

Description

If you are logged in to WordPress as an admin, your comments are not properly sanitized, which allows XSS to be posted. This can be exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt
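
The pattern described above, a privileged role whose comment text skips sanitization on a form with no anti-XSRF check, is shown here beside a hardened handler. This is an added example and a simplified model, not WordPress source code or code from the advisory. Every name in it (`SECRET`, `csrf_token`, `save_comment_weak`, `save_comment_hardened`) and the sample input are assumptions constructed for illustration.

```php
<?php
// Added illustration: a simplified model of a comment handler.
// Not WordPress code; all names and values below are hypothetical.

const SECRET = 'constructed-demo-key'; // constructed; a real site uses a random secret

// Token bound to the session and the action, so a third-party page
// that triggers the request cannot supply a valid value.
function csrf_token(string $sessionId, string $action): string {
    return hash_hmac('sha256', $sessionId . '|' . $action, SECRET);
}

// Weak pattern: the admin role bypasses output encoding, and nothing
// proves the request originated from the site's own comment form.
function save_comment_weak(array $user, array $post): string {
    return $user['is_admin']
        ? $post['comment']
        : htmlspecialchars($post['comment'], ENT_QUOTES, 'UTF-8');
}

// Hardened: verify the token first (constant-time compare), then encode
// the comment for every role before it is stored or rendered.
function save_comment_hardened(array $user, array $post): ?string {
    $expected = csrf_token($user['session'], 'post-comment');
    if (!hash_equals($expected, (string)($post['token'] ?? ''))) {
        return null; // forged or stale request: store nothing
    }
    return htmlspecialchars($post['comment'], ENT_QUOTES, 'UTF-8');
}

// Constructed sample input.
$admin  = ['is_admin' => true, 'session' => 'sess-1234'];
$markup = '<i>hello</i>';

// A cross-site request rides on the admin's cookies but carries no token.
$forged = ['comment' => $markup];
// A request from the site's own form includes the session-bound token.
$legit  = ['comment' => $markup,
           'token'   => csrf_token('sess-1234', 'post-comment')];

var_dump(save_comment_weak($admin, $forged));
var_dump(save_comment_hardened($admin, $forged));
var_dump(save_comment_hardened($admin, $legit));
```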