Description

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).

Remediation

References

CVE-2009-3891

Related Vulnerabilities

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1165)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)

Drupal Core 7.x Open Redirect (7.0 - 7.69)

WordPress Improper Input Validation Vulnerability (CVE-2019-20041)

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)

Severity

Low

Classification

CVE-2009-3891 CWE-707

Tags

Missing Update Known Vulnerabilities