Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

Remediation

References

CVE-2013-0236

Related Vulnerabilities

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-3239)

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.13)

MediaWiki CVE-2023-45372 Vulnerability (CVE-2023-45372)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.11.1)

Severity

Medium

Classification

CVE-2013-0236 CWE-707

Tags

Missing Update Known Vulnerabilities