Description
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
Remediation
References