Cross-site Scripting (XSS)

wordpress is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the addLoadEvent function in admin-header.php where an attacker is able to inject malicious script via global variables and get it executed when a user visits the page...