Description

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

Remediation

References

CVE-2017-9061

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)

WordPress Plugin AgentEasy Properties Cross-Site Scripting (1.0.4)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-27423)

phpMyFAQ Improper Authentication Vulnerability (CVE-2023-0311)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-0207)

Severity

Medium

Classification

CVE-2017-9061 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities