Description
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Music Store Open Redirect (1.0.14)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2327)
Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)
WordPress Plugin W3SCloud Contact Form 7 to Zoho CRM Cross-Site Scripting (1.1.2)