Description

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Remediation

References

CVE-2015-3439

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2006-4684)

WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0)

MySQL CVE-2019-2752 Vulnerability (CVE-2019-2752)

WordPress Plugin Scoutnet Kalender Cross-Site Scripting (1.1.0)

Perl Integer Overflow or Wraparound Vulnerability (CVE-2020-10878)

Severity

Medium

Classification

CVE-2015-3439 CWE-707

Tags

Missing Update Known Vulnerabilities