Vulnerability & Exploit Database

Displaying all 2 entries

Results for: CVE-2017-17094 Back to search

Debian: CVE-2017-17094: wordpress -- security update Vulnerability

  • Severity: 4
  • Published: December 02, 2017

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.