Description
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
Remediation
References
Related Vulnerabilities
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.6)
Drupal Core 9.2.x Cross-Site Scripting (9.2.0 - 9.2.3)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)
PHP Resource Management Errors Vulnerability (CVE-2012-0781)
WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12)