Thursday, 28 June 2007

[HS-A006] Multiple XSS in WordPress theme K2

Two cross-site scripting (XSS) vulnerabilities have been identified in K2, a popular theme for WordPress. Both are reflected XSS vulnerabilities: an attacker can craft a malicious URL which, when accessed by a victim, lets the attacker run arbitrary code, typically JavaScript, in the victim's browser.

You can read the advisory here:
http://www.harmonysecurity.com/HS-A006.html