Security: markdownPreview.php is a security hole | ww.wp.xz.cn

Resolved annoyingmouse
(@annoyingmouse)

13 years, 5 months ago

markdownPreview.php contains a security hole that allows XSS

If an attacker can trick an admin into visiting a malicious website (via a comment link or something), he can steal the admins cookies or perform actions on the admin’s behalf, such as creating a new user.

http://ww.wp.xz.cn/extend/plugins/magic-fields/

Viewing 1 replies (of 1 total)

Plugin Author hunk
(@hunk)

13 years, 4 months ago

thanks, I added verification and filtering of javascript code

https://github.com/hunk/Magic-Fields/commit/7fc92330c7e3bbc2bbfdbf742190a4ef1646b2d8

Viewing 1 replies (of 1 total)

The topic ‘Security: markdownPreview.php is a security hole’ is closed to new replies.

1 reply
2 participants
Last reply from: hunk
Last activity: 13 years, 4 months ago
Status: resolved