WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5739)

Description

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.

Remediation

References

Related Vulnerabilities

Jenkins Improper Input Validation Vulnerability (CVE-2012-6073)

WordPress Plugin Gravity Forms Unspecified Vulnerability (2.4.17)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5589)

Liferay Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-13445)

MediaWiki Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-44856)

Severity

Low

Classification

CVE-2013-5739 CWE-707

Tags

Missing Update Known Vulnerabilities