wp-includes/general-template.php in WordPress prior to 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow malicious users to conduct XSS attacks via the language setting of a site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 7.0 |