CVE-2017-14718
WordPress Core < 4.8.2 - Cross-Site Scripting via Javascript: and Data: URLs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Antes de la versión 4.8.2, WordPress era susceptible a un ataque de Cross-Site Scripting (XSS) en el modal de enlace mediante una URL javascript: o data:.
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks. For the oldstable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u15. For the stable distribution (stretch), these problems have been fixed in version 4.7.5+dfsg-2+deb9u1. For the testing distribution (buster), these problems have been fixed in version 4.8.2+dfsg-2. For the unstable distribution (sid), these problems have been fixed in version 4.8.2+dfsg-2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-19 CVE Published
- 2017-09-23 CVE Reserved
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100912 | Third Party Advisory | |
http://www.securitytracker.com/id/1039553 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://core.trac.wordpress.org/changeset/41393 | 2017-11-10 | |
https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release | 2017-11-10 |
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2017/dsa-3997 | 2017-11-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | <= 4.8.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 4.8.1" | - |
Affected
|