LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

WordPress: HTTP response splitting and XSS vulnerabilities

Package(s):wordpress CVE #(s):
Created:October 14, 2004 Updated:December 20, 2004
Description: WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks, due to the lack of input validation in the administration panel scripts. A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
Alerts:
Gentoo 200410-12:02 2004-10-14
Gentoo 200410-12 2004-10-14
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds