CVE-2017-17094

Опубликовано: 02 дек. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 3.5

CVSS3: 5.4

Описание

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	4.9.5+dfsg1-1
cosmic	not-affected	4.9.5+dfsg1-1
devel	not-affected	4.9.5+dfsg1-1
disco	not-affected	4.9.5+dfsg1-1
eoan	not-affected	4.9.5+dfsg1-1
esm-apps/bionic	not-affected	4.9.5+dfsg1-1
esm-apps/focal	not-affected	4.9.5+dfsg1-1
esm-apps/jammy	not-affected	4.9.5+dfsg1-1
esm-apps/noble	not-affected	4.9.5+dfsg1-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%

0.05932

Низкий

3.5 Low

CVSS2

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2017-17094

CVSS3: 5.4

nvd

больше 7 лет назад

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

CVE-2017-17094

CVSS3: 5.4

debian

больше 7 лет назад

wp-includes/feed.php in WordPress before 4.9.1 does not properly restr ...

GHSA-2h28-99xh-9cvg

CVSS3: 5.4

github

около 3 лет назад

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

EPSS

Процентиль: 90%

0.05932

Низкий

3.5 Low

CVSS2

5.4 Medium

CVSS3

CVE-2017-17094

Описание

Пакет wordpress

Ссылки на источники

Связанные уязвимости