Skip to main content
CVE-2017-17092 MEDIUM POC PATCH This Month

wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
4.1%
CVE-2017-17094 MEDIUM PATCH This Month

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.6%
CVE-2017-17093 MEDIUM PATCH This Month

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy