CVE-2013-0237 Information
Share on:
Feb 14, 2021
cve
Description
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5 as used in WordPress before 3.5.1 and other products allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Reference
http://codex.wordpress.org/Version_3.5.1 http://wordpress.org/news/2013/01/wordpress-3-5-1/ https://bugzilla.redhat.com/show_bug.cgi?id=904122 https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5