============================================================
============================================================
Title: WordPress XSS and HTML injection
Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar
Date: 12/04/2005
Severity: Medium. Users can obtain the cookies of other users and deface the website.
Affected version: <= 1.5
============================================================
============================================================
*Summary
WordPress (http://wordpress.org) is a popular blogging system built on PHP (the
scripting language) and is licensed under the GPL. It is free software supported
by a large and vibrant community of users. You can use WordPress as a stand-alone
application to publish your web log, or incorporate its functionality into an
existing site.
============================================================
*Problem Description:
The bug is in the content and title of a post: the characters entered are not
filtered, so HTML code can be injected.
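
The missing output encoding described above, shown as an added PHP example (not
WordPress code and not part of the original advisory). The helper names and the
sample post are constructed for illustration; the first renderer echoes the
fields unchanged, the second encodes them with htmlspecialchars().

```php
<?php
// Added illustration: hypothetical rendering helpers, not WordPress source code.

// Constructed sample post: title and content both carry markup typed by a user.
$post = [
    'title'   => 'Hello <h1>not a heading</h1>',
    'content' => 'A "quoted" word, <a href="http://example.com/">a link</a> & more',
];

// Vulnerable pattern: stored fields are written into the page unchanged,
// so any tag in them becomes part of the document every visitor receives.
function render_post_raw(array $post): string
{
    return "<h2>{$post['title']}</h2>\n<div>{$post['content']}</div>\n";
}

// Hardened pattern: encode on output so the browser treats the fields as text.
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post_escaped(array $post): string
{
    return '<h2>' . escape_html($post['title']) . "</h2>\n"
         . '<div>' . escape_html($post['content']) . "</div>\n";
}

// Regression check: after encoding, no '<' or '>' from the user-supplied
// fields may survive; only the template's own h2 and div tags remain.
function count_tags(string $html): int
{
    return preg_match_all('/<[a-z\/][^>]*>/i', $html);
}

$raw     = render_post_raw($post);
$escaped = render_post_escaped($post);

echo "--- raw (", count_tags($raw), " tags) ---\n", $raw;
echo "--- escaped (", count_tags($escaped), " tags) ---\n", $escaped;

if (count_tags($escaped) !== 4) {   // <h2>, </h2>, <div>, </div>
    throw new RuntimeException('user-supplied markup reached the page');
}
```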
============================================================
*Example:
Type in the title or content of a post