CVE-2016-4567 mediaelement

Package

Manager: npm
Name: mediaelement
Vulnerable Version: >=0 <2.11.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03834 (percentile 0.87705)

Details

MediaElement Vulnerable to Reflected XSS

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.swf in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

Metadata

Created: 2022-05-17T03:35:09Z
Modified: 2024-04-25T21:38:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-277w-qpxr-2549/GHSA-277w-qpxr-2549.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-277w-qpxr-2549
Finding: F008
Auto approve: 1