id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
22132	Malicious script allowed in attachment Title, Caption and Description	dglingren		"If you enter JavaScript in the Title, Alternate Text, Caption and/or Description fields of an attachment, the Edit Media and Media Library screens will properly escape and display it. However, the Gallery shortcode and the display page reached from the attachment's permalink do not escape these values and the script is executed.

For example, enter this in the Title field:

`Title""<script>alert('Title');</script>`

The double-quote terminates the text field and the script is executed.

"	defect (bug)	closed	normal		Security	3.4.2	normal	invalid		
