Thursday 28 June 2007 - [HS-A006] Multiple XSS in Wordpress theme K2
By Stephen Fewer
Two Cross Site Scripting (XSS) vulnerabilities have been identified in K2, a popular theme for Wordpress. Both are reflected XSS vulnerabilities: an attacker can craft a malicious URL which, when accessed by a victim, runs arbitrary code, typically JavaScript, in the victim's browser.
You can read the advisory here:
http://www.harmonysecurity.com/HS-A006.html
Labels: Advisories