Security Advisory

CVE-2013-5738

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-09-12 10:00:00

Last updated 2024-08-06 17:22:30

Assigner mitre

State PUBLISHED

Description

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.

← Browse all CVEs View on cve.org ↗