Base Score

MEDIUM5.4

CVE-2017-6817

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 12, 2017, 01:59

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

http://www.debian.org/security/2017/dsa-3815
http://www.securityfocus.com/bid/96601
http://www.securitytracker.com/id/1037959
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/8768

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE