Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-07-08 13:55
Updated : 2013-09-10 10:03
NVD link : CVE-2013-2201
Mitre link : CVE-2013-2201
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wordpress
- wordpress