CVE-2017-17094

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

Date published : 2017-12-02

http://www.securityfocus.com/bid/102024

https://www.debian.org/security/2018/dsa-4090