Page 9 of 81 results (0.005 seconds)
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17094 – WordPress Core < 4.9.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17094
29 Nov 2017 — wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. wp-includes/feed.php en WordPress en versiones anteriores a la 4.9.1 no restringe contenedores en los campos RSS y Atom, lo que puede permitir que los atacantes realicen ataques Cross-Site Scripting (XSS) mediante una URL manipulada. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote atta... • http://www.securityfocus.com/bid/102024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •