CVE-2015-5734

2015-11-09T11:59:00
ID CVE-2015-5734
Type cve
Reporter cve@mitre.org
Modified 2017-11-04T01:29:00

Description

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.