First published: Sun May 22 2016(Updated: )
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/contao-components/mediaelement | >=2.14.2<2.21.1 | |
composer/contao/core | >=3.0.0<3.5.15 | |
Mediaelementjs Mediaelement.js | <=2.20.1 | |
WordPress WordPress | <=4.5.1 | |
composer/contao/core | >=3.0.0<3.5.15 | 3.5.15 |
composer/contao-components/mediaelement | >=2.14.2<2.21.1 | 2.21.1 |
npm/mediaelement | <2.11.1 | 2.11.1 |
<=2.20.1 | ||
<=4.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.