https://www.exploit-db.com/exploits/24646
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-137

WordPress1.2版本存在多个跨站脚本（XSS）漏洞。远程攻击者可以借助各种参数注入任意web脚本或HTMl，这些参数包括(1)wp-login.php的redirect_to，text，popupurl或popuptitle参数，(2)admin-header.php的redirect_url参数(3)bookmarklet.php的popuptitle，popupurl，content或post_title参数(4)categories.php的cat_ID参数(5)edit.php的s参数或(6)edit-comments.php的s或mode参数。

source: http://www.securityfocus.com/bid/11268/info
 
It is reported that WordPress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
 
Wordpress 1.2 is reported vulnerable, however, other versions may be affected as well.

/edit-comments.php?s=[XSS]
/edit-comments.php?mode=[XSS]

来源:XF
名称:wordpress-multiple-scripts-xss(17532)
链接:http://xforce.iss.net/xforce/xfdb/17532
来源:BID
名称:11268
链接:http://www.securityfocus.com/bid/11268
来源:SECUNIA
名称:12683
链接:http://secunia.com/advisories/12683
来源:BUGTRAQ
名称:20040927MultipleXSSVulnerabilitiesinWordpress1.2
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109641484723194&w;=2
来源:SECTRACK
名称:1011440
链接:http://securitytracker.com/id?1011440