Posts by drjango

1 publicly visible post • joined 10 May 2010

White House devs overlooked gaping Drupal vuln

drjango

Misleading Article - Bad Journalism

If you actually read the Advisory linked from this article (rather than the author's very frivolous interpretation), you will see that it clearly states:

"In order to execute arbitrary script injection malicious users must have 'Administer blocks' permission."

Now, it's important to understand what this means. "Administer blocks" privilege is only ever given to the users with the highest administrative rights. No "guest" user or even a simply registered user would ever have that, so as far as they are concerned - they can't do anything. Also, if you do have administrative rights of that level in any CMS, you can do way more damage than inject some JavaScript. There's no reason whatsoever to conclude that whitehouse.gov has a vulnerability, based on this advisory, yet the article not only suggests it, but also asserts the existence of one.

This is bad journalism.