131 matches found
WordPress: Multiple stored XSS in WordPress
Enguerran discovered a way to store payloads that would trigger XSS in the MediaElement Flash and Silverlight files that were bundled with WordPress. We coordinated a fix with MediaElement, and moved the files from WordPress Core to an optional plugin, since most users no longer needed them...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
Cross-site Scripting (XSS)
mediaelement is vulnerable to cross-site scripting XSS attacks. The library does not sanitize user input, allowing a malicious user to inject and execute arbitrary code...
news.ladbrokes.com XSS vulnerability
Open Bug Bounty ID: OBB-189259 Description| Value ---|--- Affected Website:| news.ladbrokes.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
es.nethive.com XSS vulnerability
Vulnerable URL: https://es.nethive.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
press.parkwind.eu XSS vulnerability
Vulnerable URL: https://press.parkwind.eu/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
pers.livecomedy.be XSS vulnerability
Vulnerable URL: https://pers.livecomedy.be/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
emirates.com XSS vulnerability
Vulnerable URL: http://www.emirates.com/media-centre/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| Yes, at 24.08.2016 Latest check for patch:| 24.08.2016 03:50 GMT Vulnerability type:| XSS Vulnerabili...
drpimplepopper.com XSS vulnerability
Open Bug Bounty ID: OBB-169912 Description| Value ---|--- Affected Website:| drpimplepopper.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
orthodonticsolution.com XSS vulnerability
Open Bug Bounty ID: OBB-165370 Description| Value ---|--- Affected Website:| orthodonticsolution.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
museomaranello.ferrari.com XSS vulnerability
Vulnerable URL: http://museomaranello.ferrari.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
allegro.naszkornik.pl XSS vulnerability
Open Bug Bounty ID: OBB-154644 Description| Value ---|--- Affected Website:| allegro.naszkornik.pl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
optus-labs.com XSS vulnerability
Vulnerable URL: http://optus-labs.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 04.04.2017 Latest check for patch:| 04.04.2017 02:00 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
access.aol.com XSS vulnerability
Vulnerable URL: http://access.aol.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 02.06.2016 Latest check for patch:| 02.06.2016 18:10 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
rdprojects.bitdefender.com XSS vulnerability
Vulnerable URL: https://rdprojects.bitdefender.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 25.07.2016 Latest check for patch:| 25.07.2016 19:11 GMT Vulnerability type:| XSS Vulnerability status:|...
avg.co.kr XSS vulnerability
Vulnerable URL: http://www.avg.co.kr/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...
blog.telefonica.de XSS vulnerability
Vulnerable URL: https://blog.telefonica.de/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 20.09.2017 Latest check for patch:| 20.09.2017 08:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
cashclearing.societegenerale.com XSS vulnerability
Vulnerable URL: http://cashclearing.societegenerale.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...