Description

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Remediation

References

CVE-2017-14720

Related Vulnerabilities

WordPress Plugin Inline Gallery 'do' Parameter Cross-Site Scripting (0.3.9)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)

WordPress Plugin Protected Posts Logout Button Security Bypass (1.4.5)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.5.2)

Severity

Medium

Classification

CVE-2017-14720 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities