Описание
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationThird Party Advisory
Уязвимые конфигурации
EPSS
4.7 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
Связанные уязвимости
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
EPSS
4.7 Medium
CVSS3
2.6 Low
CVSS2