Description

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

Remediation

References

CVE-2015-5733

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2890)

Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8164)

IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-4989)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2021-3733)

Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-3186)

Severity

Medium

Classification

CVE-2015-5733 CWE-707

Tags

Missing Update Known Vulnerabilities