Lucene search

K

DebianCVELIST:CVE-2015-3439

HistoryAug 05, 2015 - 10:00 a.m.

CVE-2015-3439

2015-08-0510:00:00

debian

www.cve.org

3

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

References

codex.wordpress.org/Version_4.1.2

lists.fedoraproject.org/pipermail/package-announce/2015-May/157391.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html

www.debian.org/security/2015/dsa-3250

www.securityfocus.com/bid/74269

www.securitytracker.com/id/1032207

zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html

core.trac.wordpress.org/changeset/32168

wordpress.org/news/2015/04/wordpress-4-1-2/

wpvulndb.com/vulnerabilities/7933

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%

Related for CVELIST:CVE-2015-3439

cve1 openvas8 nvd1 wpvulndb1 patchstack1 ubuntucve1 prion1 debiancve1 nessus6 securityvulns2 osv2 fedora3 debian2