In association with heise online

« previous | next »
26 November 2008, 16:24

WordPress update fixes vulnerabiliy

In WordPress version 2.6.5, the developers of the open source blog-publishing tool fixed a cross site scripting (XSS) vulnerability as wells as three bugs not related to security. However, the XSS hole can only be exploited on IP-address-based virtual servers running Apache 2.x. Since installations at web hosts are usually name-based, it is not likely that many users will be affected.

The XSS hole is contained in wp-includes/feed.php. When RSS feeds are generated, JavaScript can be injected and executed in the victim’s browser under certain circumstances. The Wordpress developers skipped version number 2.6.4 in order to avoid mix-ups involving a fraudulent version 2.6.4 put into circulation by scammers.

See also:

(trk)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-739009

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung Galaxy S2 i9100 16GB schwarz
  2. Crucial m4 SSD 128GB
  3. Intel Core i5-2500K
  4. TeamGroup Elite DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333)
  5. Intel Core i7-2600K
  6. ASUS EAH6870 DC/2DI2S/1GD5
  7. ASRock Z68 Pro3
  8. Samsung Galaxy S Plus i9001 schwarz 8GB
  9. Samsung EcoGreen F4 2000GB
  10. Samsung Galaxy S i9000 schwarz 8GB

The H

The H open source

The H Security

The H Internet Toolkit