CVE-2013-6010 – Comment Attachment <= 1.5.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6010
Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." Vulnerabilidad de XSS en el plugin Comment Attachment para WordPress permite a atacantes remotos inyectar script web arbitrario o HTML a través del "Attachment field title." Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.5.5 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." • http://osvdb.org/97600 http://packetstormsecurity.com/files/123327 https://exchange.xforce.ibmcloud.com/vulnerabilities/87290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •