First published: Mon Jan 03 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=3.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.