3 matches found
CVE-2016-7168
Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...
CVE-2016-7168
Cross-site scripting XSS vulnerability in the mediahandleupload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename...
CVE-2016-7168
WordPress before 4.6.1 is affected by CVE-2016-7168 due to a Cross-site scripting (XSS) vulnerability in media_handle_upload (wp-admin/includes/media.php). An attacker could trick an administrator into uploading an image with a crafted filename, enabling injection of arbitrary script/HTML when th...