In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 | |
wordpress | le | 4.7.4 |