Description
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Remediation
References
Related Vulnerabilities
WordPress 2.3 Cross-Site Scripting Vulnerability (2.3)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2935)
Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)