CVSS: 6.4EPSS: 3%CPEs: 2EXPL: 0CVE-2016-4567 – WordPress Core < 4.5.2 - Cross-Site Scripting via MediaElement.js
https://notcve.org/view.php?id=CVE-2016-4567
06 May 2016 — Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." Vulnerabilidad de XSS en flash/FlashMediaElement.as en MediaElement.js en versiones anteriores a 2.21.0, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias... • http://www.openwall.com/lists/oss-security/2016/05/07/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 86EXPL: 1CVE-2013-1967
https://notcve.org/view.php?id=CVE-2013-1967
05 Feb 2014 — Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. Vulnerabilidad de XSS en flashmediaelement.swf en MediaElement.js anterior a 2.11.2, utilizado en OwnCloud Server 5.0.x anterior a 5.0.5 y 4.5.x anterior a 4.5.10, permite a atacantes remotos inyectar script Web o HTML arbitrario a través del parámetro f... • http://owncloud.org/about/security/advisories/oC-SA-2013-017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •