Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.

See the

CVE page on Mitre.org for more details.

References

MISC: https://codex.wordpres...
MISC: https://github.com/Wor...
MISC: https://wordpress.org/...
MISC: https://wpvulndb.com/v...
BID: 102024
DEBIAN: DSA-4090
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2017-17093

Related bugs

References