

WordPress 4.2.2 Security and Maintenance Release - strommen
https://wordpress.org/news/2015/05/wordpress-4-2-2/

======
strommen
> The Genericons icon font package, which is used in a number of popular
> themes and plugins, contained an HTML file vulnerable to a cross-site
> scripting attack.

How can an HTML _file_ be vulnerable to XSS?

