Description

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Remediation

References

CVE-2015-3439

Related Vulnerabilities

WordPress Plugin Structured Content (JSON-LD) #wpsc Cross-Site Scripting (1.5)

PostgreSQL Resource Management Errors Vulnerability (CVE-2012-2655)

Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)

OpenSSL Resource Management Errors Vulnerability (CVE-2011-3210)

Severity

Medium

Classification

CVE-2015-3439 CWE-707

Tags

Missing Update Known Vulnerabilities