CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7 Medium
Confidence: High

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.005 Low
Percentile: 76.5%

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.swf in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by “jsinitfunctio%gn.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| | contao/core | lt | 3.5.15 |
| | contao-components/mediaelement | lt | 2.21.1 |
| | mediaelement | lt | 2.11.1 |
www.openwall.com/lists/oss-security/2016/05/07/2
www.securitytracker.com/id/1035818
codex.wordpress.org/Version_4.5.2
contao.org/en/news/contao-3_5_15.html
core.trac.wordpress.org/changeset/37371
gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
github.com/advisories/GHSA-277w-qpxr-2549
github.com/FriendsOfPHP/security-advisories/blob/master/contao-components/mediaelement/CVE-2016-4567.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2016-4567.yaml
github.com/johndyer/mediaelement/blob/master/changelog.md
github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
github.com/mediaelement/mediaelement/blob/b992ccf5f0c04a207d98bbb0868420751a61ec90/changelog.md?plain=1#L1024
github.com/mediaelement/mediaelement/blob/master/changelog.md
github.com/mediaelement/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
nvd.nist.gov/vuln/detail/CVE-2016-4567
web.archive.org/web/20170205142412/www.securitytracker.com/id/1035818
wordpress.org/news/2016/05/wordpress-4-5-2/
wpvulndb.com/vulnerabilities/8488