CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2017-12-02 06:29

Updated : 2019-04-26 15:18


NVD link : CVE-2017-17093

Mitre link : CVE-2017-17093


JSON object : View

Products Affected

debian

  • debian_linux

wordpress

  • wordpress
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')