Re: [MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue

2010-08-23 Thread MustLive
Hello Bugtraq! Regarding this XSS in WordPress 3.0.1 (http://www.securityfocus.com/archive/1/513101/30/30/threaded), I'll note what I already wrote on my site last week and already wrote to David: that for the attack it is necessary to know the token (_wpnonce), which is designed to protect

[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue

2010-08-13 Thread david . kurz
[MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue

Details
=======
Product: WordPress 3.0.1
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.wordpress.org/
Advisory-Status: published

Credits
=======
Discovered by: David Vieira-Kurz