Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Google Analytics Cross-Site Request Forgery (1.6.0)
WordPress Plugin Shop Page WP Cross-Site Scripting (1.2.7)
phpMyAdmin Resource Management Errors Vulnerability (CVE-2016-6622)
Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)
WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)