Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.

Remediation

References

CVE-2015-5622

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18098)

Apache HTTP Server Other Vulnerability (CVE-2004-0492)

WordPress Plugin dsIDXpress IDX Multiple Unspecified Vulnerabilities (2.1.32)

PHP Other Vulnerability (CVE-2015-4601)

WordPress Plugin Amazon JS Cross-Site Scripting (0.10)

Severity

Low

Classification

CVE-2015-5622 CWE-707

Tags

Missing Update Known Vulnerabilities