Lucene search
Veracode Vulnerability DatabaseVERACODE:5279HistoryOct 13, 2017 - 7:48 a.m.
Cross-domain Flash Injection (XSF)
2017-10-1307:48:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
34.8%
WordPress is vulnerable to cross-domain flash injection (XSF) attacks. The attack can be triggered via the code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. The vulnerability is possible only when domain-based flashmediaelement.swf sandboxing is not used.
Related
prion
prion
Cross site scripting
2017-10-12 16:29:00
ubuntucve
ubuntucve
CVE-2016-9263
2017-10-12 00:00:00
debiancve
debiancve
CVE-2016-9263
2017-10-12 16:29:00
cve
cve
CVE-2016-9263
2017-10-12 16:29:00
osv
osv
CVE-2016-9263
2017-10-12 16:29:00
wordpress - security update
2017-10-31 00:00:00
nvd
nvd
CVE-2016-9263
2017-10-12 16:29:00
cvelist
cvelist
CVE-2016-9263
2017-10-12 16:00:00
openvas
openvas
WordPress < 4.9 Multiple Vulnerabilities
2021-03-17 00:00:00
Debian: Security Advisory (DLA-1151-1)
2018-02-06 00:00:00
wpvulndb
wpvulndb
WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
2018-01-17 00:00:00
nessus
nessus
WordPress < 4.8.3 Multiple Vulnerabilities
2017-11-02 00:00:00
debian
debian
[SECURITY] [DLA 1151-1] wordpress security update
2017-10-31 15:22:01