Описание
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Ссылки
- Third Party AdvisoryVDB Entry
- ProductVendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Press/Media CoverageThird Party Advisory
- Third Party AdvisoryVDB Entry
- ProductVendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Press/Media CoverageThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP S ...
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2