Description
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
Postman SMTP Mailer/Email Log Cross-Site Scripting (2.0.0)
PostgreSQL Improper Authentication Vulnerability (CVE-2017-7546)
Gallery PhotoBlocks Unspecified Vulnerability (1.1.32)
Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)