Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-17092

wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.

See the

CVE page on Mitre.org for more details.

References

MISC: https://codex.wordpres...
MISC: https://github.com/Wor...
MISC: https://wordpress.org/...
MISC: https://wpvulndb.com/v...
BID: 102024
DEBIAN: DSA-4090
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2017-17092

Related bugs

References