Description

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

Remediation

References

CVE-2015-5733

Related Vulnerabilities

Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-28651)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3529)

WordPress Plugin WP Page Builder Multiple Vulnerabilities (1.2.3)

Drupal Core 9.0.x Security Bypass (9.0.0 - 9.0.5)

Severity

Medium

Classification

CVE-2015-5733 CWE-707

Tags

Missing Update Known Vulnerabilities