Persistent XSS via filtering bypass

HTML content crafted by users may allow execution of arbitrary javascript on specific browsers.

This requires that users have authority to edit content, which by default requires a privileged user.

Information for security researchers

CVE Identifier: CVE-2012-5502
Impact Subscore: 2.9
Exploitability Subscore: 6.8
Overall CVSS Score: 2.7
Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N/E:P/RL:O/RC:C)
CWE: CWE-79
Credit: Mauro Gentile