mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 23:14:03 +02:00
0xMarcio
765 B
765 B
CVE-2013-5738
Description
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.
POC
Reference
No PoCs from references.