CVE-2017-14718Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
2.6%
top 14.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedSep 23
Latest updateMay 17

Description

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.8.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 4.8.2+dfsg-1+3

Patches

Patch: core.trac.wordpress.orgPatch: wordpress.orgPatch: core.trac.wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-6h9x-74vw-438v: Before version 42022-05-17
OSV
CVE-2017-14718: Before version 42017-09-23

📋Vendor Advisories

1
Debian
CVE-2017-14718: wordpress - Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack...2017

💬Community

1
Bugzilla
CVE-2017-11343 chicken: Predictable symbol table due to using default libc seed in PRNG2017-07-17
CVE-2017-14718 — Cross-site Scripting in Wordpress | cvebase