21 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-5776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement under wp- includes/js/mediaelement. CVE-2018-5776 Note that Nessus relies on the...
Cross-Site Scripting (XSS)
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This...
WordPress 3.9.x < 3.9.23 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
WordPress 4.8.x < 4.8.5 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
WordPress 4.3.x < 4.3.15 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
WordPress 4.6.x < 4.6.10 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
WordPress 4.5.x < 4.5.13 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
WordPress 4.2.x < 4.2.19 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
Fedora 26 : wordpress (2018-19c693fd9a)
Upstream announcement : WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is...
WordPress MediaElement Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . MediaElement is used in one of the HTML5 player . A cross-site scripting vulnerability exists in the Flash...
UBUNTU-CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement under wp-includes/js/mediaelement...
CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement under wp-includes/js/mediaelement...
DEBIAN-CVE-2018-5776
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement under wp-includes/js/mediaelement...
WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability found in WordPress 3.7-4.9.1 versions in the Flash fallback files in MediaElement, a library that is included with WordPress. Solution Update your Wordpress to the latest available version at least 4.9.2...
CVE-2013-7343
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...
UBUNTU-CVE-2013-7342
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...
UBUNTU-CVE-2013-7343
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...
Cross site scripting
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...
CVE-2013-7343
CVE-2013-7343 describes a cross-site scripting (XSS) vulnerability in Flowplayer’s Flash fallback component, specifically in the flowplayer.swf used by Flowplayer HTML5 5.4.3. The issue allows remote attackers to inject arbitrary web script or HTML by abusing URL encoding within the name of the c...
CVE-2013-7342
Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...