CVE-2017-6814 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-202 | wordpress | 4.7.2-1 | 4.7.3-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
16 Mar 2017 | ASA-201703-14 | AVG-202 | wordpress | Medium | multiple issues |