Lucene search
GoogleOSV:CVE-2017-17093HistoryDec 02, 2017 - 6:29 a.m.
CVE-2017-17093
2017-12-0206:29:00
Google
osv.dev
5
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
References
www.securityfocus.com/bid/102024
codex.wordpress.org/Version_4.9.1
github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
lists.debian.org/debian-lts-announce/2017/12/msg00019.html
wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/8968
www.debian.org/security/2018/dsa-4090
Related
veracode
veracode
Cross-site Scripting (XSS)
2017-12-04 04:12:03
cvelist
cvelist
CVE-2017-17093
2017-12-02 06:00:00
nvd
nvd
CVE-2017-17093
2017-12-02 06:29:00
ubuntucve
ubuntucve
CVE-2017-17093
2017-12-02 00:00:00
debiancve
debiancve
CVE-2017-17093
2017-12-02 06:29:00
cve
cve
CVE-2017-17093
2017-12-02 06:29:00
patchstack
patchstack
WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
2017-11-29 00:00:00
prion
prion
Design/Logic Flaw
2017-12-02 06:29:00
wpvulndb
wpvulndb
WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
2017-11-29 00:00:00
openvas
openvas
WordPress < 4.9.1 Multiple Vulnerabilities - Windows
2017-12-04 00:00:00
WordPress < 4.9.1 Multiple Vulnerabilities - Linux
2017-12-04 00:00:00
Debian: Security Advisory (DLA-1216-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 1216-1] wordpress security update
2017-12-21 20:10:37
[SECURITY] [DSA 4090-1] wordpress security update
2018-01-17 13:40:59
[SECURITY] [DSA 4090-1] wordpress security update
2018-01-17 13:40:59
nessus
nessus
Debian DLA-1216-1 : wordpress security update
2017-12-26 00:00:00
WordPress < 4.9.1 Multiple Vulnerabilities
2017-12-04 00:00:00
Debian DSA-4090-1 : wordpress - security update
2018-01-18 00:00:00
osv
osv
wordpress - security update
2017-12-21 00:00:00
wordpress - security update
2018-01-17 00:00:00