

Unpatched Wordpress Instance on Yahoo Blog Leads to Cookie Theft - georgek1029
http://labs.bitdefender.com/2013/01/unpatched-wordpress-instance-on-yahoo-blog-leads-to-cookie-theft/

======
caseyf
Yikes. Any site with a publicly accessible swfupload.swf is open to XSS.

[https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-
appl...](https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-
swfupload-plupload/)

