Description
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
Remediation
References
Related Vulnerabilities
MediaWiki Resource Management Errors Vulnerability (CVE-2015-8003)
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3881)
WordPress Plugin Age Verify Cross-Site Scripting (0.2.8)
PHP Data Processing Errors Vulnerability (CVE-2015-4147)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)