
Hi, just a heads up, I think your site has an XSS vulnerability, namely the parameter "s" - common in the WordPress search function. To see it in action, try adding "/?s=aaa<script>alert(16354)<%2Fscript>" at the end.


That didn't do anything for me. I'd hope WordPress escapes MySQL and JS code from query strings; that seems like a pretty big vulnerability…
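Added example, not part of either comment and not the code of the site being discussed: a stand-alone PHP sketch of how a search template reflects the "s" parameter, with the unescaped pattern beside the output-encoded one. The function names and the heading markup are assumptions made for illustration; the WordPress calls named in the comments (`get_search_query()`, `the_search_query()`, `esc_html()`, `esc_attr()`) are the core helpers a theme would use instead of `htmlspecialchars()`.

```php
<?php
// Constructed request: the query string quoted in the first comment.
$query_string = 's=aaa<script>alert(16354)<%2Fscript>';
parse_str($query_string, $params);      // URL-decodes values the same way $_GET does
$s = $params['s'] ?? '';

// Weak pattern: the raw parameter is concatenated into the page,
// e.g. a theme doing `echo $_GET['s'];` in search.php.
function heading_unescaped(string $s): string
{
    return '<h1>Search results for: ' . $s . '</h1>';
}

// Corrected pattern: encode for the HTML context at output time.
// WordPress equivalent: esc_html( get_search_query( false ) ) or the_search_query().
function heading_escaped(string $s): string
{
    return '<h1>Search results for: '
        . htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</h1>';
}

// The search box that echoes the term back is an attribute context;
// quotes must be encoded too (WordPress equivalent: esc_attr()).
function search_box_escaped(string $s): string
{
    return '<input type="search" name="s" value="'
        . htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

$weak = heading_unescaped($s);
$safe = heading_escaped($s);

// Regression check a theme author can keep: no markup from the
// parameter may survive into the escaped output.
if (stripos($safe, '<script') !== false) {
    throw new RuntimeException('search term reached the page unescaped');
}

echo "unescaped: {$weak}\n";
echo "escaped:   {$safe}\n";
echo "input box: " . search_box_escaped($s) . "\n";
```

Whether a given site reflects the term depends on which of these two patterns its theme uses, since WordPress core's `get_search_query()` escapes by default but a template that reads the request parameter directly bypasses it.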



