Published: 02/12/2017 Updated: 26/04/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

wp-includes/general-template.php in WordPress prior to 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow malicious users to conduct XSS attacks via the language setting of a site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 8.0
debian debian linux 9.0
debian debian linux 7.0

Debian Bug report logs - #883314 wordpress: CVE-2017-17091 CVE-2017-17092 CVE-2017-17093 CVE-2017-17094 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 Dec 2017 09:15:01 UTC Severity: grave Tags: fixed-upstrea ...

Several vulnerabilities were discovered in Wordpress, a web blogging tool They allowed remote attackers to perform SQL injections and various Cross-Side Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions For the oldstable distribution (jessie), these problems have been fixed in version 41+d ...

CWE-79 https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a https://codex.wordpress.org/Version_4.9.1 https://wpvulndb.com/vulnerabilities/8968 http://www.securityfocus.com/bid/102024 https://www.debian.org/security/2018/dsa-4090 https://lists.debian.org/debian-lts-announce/2017/12/msg00019.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314 https://nvd.nist.gov https://www.debian.org/security/./dsa-4090

CVE-2017-17093

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect