Description
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
Remediation
References
Related Vulnerabilities
Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)
PHP Other Vulnerability (CVE-2007-1401)
Django DEPRECATED: Code Vulnerability (CVE-2015-0219)
LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)