{"alias":[],"description":"Multiple cross-site scripting (XSS) vulnerabilities in wp-admin\/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.","epss":{"percentile":"0.75532","score":"0.008820"},"id":"CVE-2017-5488","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"NONE","availability_impact":"NONE","base_score":4.3,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":8.6,"impact_score":2.9,"integrity_impact":"PARTIAL","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:N\/C:N\/I:P\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"NONE","base_score":6.1,"base_severity":"MEDIUM","confidentiality_impact":"LOW","exploitability_score":2.8,"impact_score":2.7,"integrity_impact":"LOW","privileges_required":"NONE","scope":"CHANGED","user_interaction":"REQUIRED","vector_string":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","version":"3.0"}},"modified":"2025-04-20T01:37:25","nvd_status":"Deferred","published":"2017-01-15T02:59:02","score":6.1,"severity":"MEDIUM","source":"cve@mitre.org","status":"PUBLISHED","weaknesses":[{"id":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"weakness"}]}