Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-5490

Опубликовано: 15 янв. 2017
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3
CVSS3: 6.1

Описание

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.

РелизСтатусПримечание
artful

not-affected

4.7.1+dfsg-1
bionic

not-affected

4.7.1+dfsg-1
cosmic

not-affected

4.7.1+dfsg-1
devel

not-affected

4.7.1+dfsg-1
disco

not-affected

4.7.1+dfsg-1
eoan

not-affected

4.7.1+dfsg-1
esm-apps/bionic

not-affected

4.7.1+dfsg-1
esm-apps/focal

not-affected

4.7.1+dfsg-1
esm-apps/jammy

not-affected

4.7.1+dfsg-1
esm-apps/noble

not-affected

4.7.1+dfsg-1

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-5490

CVSS3: 6.1
nvd
около 9 лет назад

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.

debian логотип

CVE-2017-5490

CVSS3: 6.1
debian
около 9 лет назад

Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...

github логотип

GHSA-p45m-x7rq-w3r2

CVSS3: 6.1
github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.

4.3 Medium

CVSS2

6.1 Medium

CVSS3