Описание
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| wordpress | fixed | 4.9.5+dfsg1-1 | package |
Примечания
https://core.trac.wordpress.org/changeset/42893
https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
EPSS
Процентиль: 91%
0.06836
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 8 лет назад
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
CVSS3: 6.1
nvd
почти 8 лет назад
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
CVSS3: 6.1
github
больше 3 лет назад
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
EPSS
Процентиль: 91%
0.06836
Низкий