[VIM] Secunia SA32060 - WordPress MU "s" and "ip_address" Cross-Site Scripting Vulnerabilities
sullo at cirt.net
Wed Oct 1 15:10:56 UTC 2008
WordPress MU "s" and "ip_address" Cross-Site Scripting Vulnerabilities
Points to this post:
the input variables "s" and "ip_address" of GET method aren't properly
From Secunia Description:
"Input passed to the "s" and "ip_address" parameters in
wp-admin/wp-blogs.php is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site."
Note the wp-blogs.php vs wpmu-blogs.php. I've confirmed that
"wp-blogs.php" doesn't exist in the MU downloads below 2.6.0, so the
Secunia text is incorrect.
Just wanted to make sure everyone caught that and see if Secunia can