Description
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shopping Cart & eCommerce Store Arbitrary File Upload (3.0.8)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.37)
UAParser.js Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25927)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)
Oracle Application Server Other Vulnerability (CVE-2001-1372)