[Original text] Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
WordPress template-functions-post.php Multiple Field XSS
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate multiple fields upon submission to the 'template-functions-post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.