Описание
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
wp-includes/general-template.php in WordPress before 4.9.1 does not pr ...
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2