Description
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 4.7.3+dfsg-1 |
| bionic | not-affected | 4.7.3+dfsg-1 |
| cosmic | not-affected | 4.7.3+dfsg-1 |
| devel | not-affected | 4.7.3+dfsg-1 |
| disco | not-affected | 4.7.3+dfsg-1 |
| eoan | not-affected | 4.7.3+dfsg-1 |
| esm-apps/bionic | not-affected | 4.7.3+dfsg-1 |
| esm-apps/focal | not-affected | 4.7.3+dfsg-1 |
| esm-apps/jammy | not-affected | 4.7.3+dfsg-1 |
| esm-apps/noble | not-affected | 4.7.3+dfsg-1 |
EPSS
CVSS2: 3.5 Low
CVSS3: 5.4 Medium