Description
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin DZS Video Gallery Multiple Cross-Site Scripting Vulnerabilities (All)
WordPress Plugin GEO my WordPress Unspecified Vulnerability (2.6.1.1)
Oracle JRE CVE-2013-1475 Vulnerability (CVE-2013-1475)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4)