Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29212)
Liferay DXP Origin Validation Error Vulnerability (CVE-2022-25146)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2006-6943)
Plone CMS CVE-2017-1000483 Vulnerability (CVE-2017-1000483)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)