61 matches found
CVE-2016-4567
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
Cross site scripting
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
CVE-2016-4567
CVE-2016-4567 describes a cross-site scripting (XSS) flaw in MediaElement.js (flash/FlashMediaElement.as) before version 2.21.0, as used in WordPress up to 4.5.2. An attacker can inject arbitrary script/HTML via an obfuscated value of the jsinitfunction parameter (example: jsinitfunctio%gn). The ...
CVE-2016-4567
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
EUVD-2022-1928
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
CVE-2016-4567
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Linux
WordPress is prone to multiple cross-site scripting XSS vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Windows
WordPress is prone to multiple cross-site scripting XSS vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.2. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a...
FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)
Helen Hou-Sandi reports : WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
WordPress 4.5.2 Security Release
WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits, and as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday, bringing...
WordPress 'MediaElement.js' Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the MediaElement.js file in WordPress versions 4.2 through...
WordPress <= 2.20.9 - XSS
This vulnerability in flash/FlashMediaElement.as in MediaElement.js allows an attacker to inject arbitrary web script or HTML via the query string. Solution Update WordPress...
WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
...
wordpress -- multiple vulnerabilities
Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
CVE-2013-1967
Cross-site scripting XSS vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2013-1967
Cross-site scripting XSS vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2013-1967
CVE-2013-1967 describes a Cross-site scripting (XSS) vulnerability in flashmediaelement.swf used by MediaElement.js before 2.11.2. The flaw affects ownCloud Server deployments, specifically 5.0.x before 5.0.5 and 4.5.x before 4.5.10, where an attacker can inject arbitrary script or HTML via the f...
XSS Vulnerability in MediaElement.js - ownCloud
A cross-site scripting XSS vulnerability in all ownCloud versions prior to 5.0.5 including the 4.5.x branch allows remote attackers to execute arbitrary javascript when a user opens a special crafted URL. This vulnerability exists in the bundled 3rdparty plugin "MediaElement.js", "MediaElement.js...