CVE-2017-5612Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting7 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
1.5%
top 18.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WordpressDebian WordpressDebian Linux
Timeline
PublishedJan 30
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.7.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 4.7.2+dfsg-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: github.comPatch: wordpress.orgPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-5qr2-x7m5-m83q: Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table2022-05-14
OSV
CVE-2017-5612: Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table2017-01-30

📋Vendor Advisories

1
Debian
CVE-2017-5612: wordpress - Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-lis...2017

💬Community

3
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.2 [epel-all]2017-01-27
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.2 [fedora-all]2017-01-27
Bugzilla
CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple security fixes in 4.7.22017-01-27
CVE-2017-5612 — Cross-site Scripting in Wordpress | cvebase