Vulnerability Description
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wp No External Links Project | Wp No External Links | <= 3.5.18 |
Related Weaknesses (CWE)
References
- http://lists.openwall.net/full-disclosure/2017/06/02/3ExploitMailing ListThird Party Advisory
- https://wordpress.org/plugins/wp-noexternallinks/#developersRelease NotesThird Party Advisory
- http://lists.openwall.net/full-disclosure/2017/06/02/3ExploitMailing ListThird Party Advisory
- https://wordpress.org/plugins/wp-noexternallinks/#developersRelease NotesThird Party Advisory
FAQ
What is CVE-2017-15863?
CVE-2017-15863 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
How severe is CVE-2017-15863?
CVE-2017-15863 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15863?
Check the references section above for vendor advisories and patch information. Affected products include: Wp No External Links Project Wp No External Links.