Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-11-25 15:59
Updated : 2015-10-05 14:43
NVD link : CVE-2014-9031
Mitre link : CVE-2014-9031
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wordpress
- wordpress