Description
wp-admin/admin-functions.php in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
Remediation
References