Description
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
Remediation
References
Related Vulnerabilities
WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.8)
Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)
Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)
WordPress Plugin AMP for WP-Accelerated Mobile Pages Security Bypass (0.9.97.19)
Oracle Application Server Other Vulnerability (CVE-2004-1369)