Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

Remediation

References

CVE-2013-0236

Related Vulnerabilities

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33327)

WordPress Plugin Multisite Global Search 'mssearch' Parameter Cross-Site Scripting (1.2.5)

WordPress Plugin Booster Elite for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

Magento CVE-2019-8229 Vulnerability (CVE-2019-8229)

WordPress Plugin Locatoraid Store Locator Cross-Site Request Forgery (3.9.11)

Severity

Medium

Classification

CVE-2013-0236 CWE-707

Tags

Missing Update Known Vulnerabilities