CVE-2016-9263

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.

Published : 2017-10-12 16:29 Updated : 2017-10-26 16:22

2.6
CVSS Score More info
Score 2.6 / 10
2.6
Vendor Product Version URI
Wordpress Wordpress 4.8.2 cpe:/a:wordpress:wordpress:4.8.2
  1. Wordpress (1) Search CVE
    1. Wordpress (1) Search CVE
      1. 4.8.2

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2017-10-26 16:22
2017-10-19 01:30
2017-10-12 16:29

New CVE