CVE-2015-3439 in Pluploadinfo

Summary

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

04/28/2015

Disclosure

08/05/2015

Moderation

VulDB entry created

Entries

VDB-76925 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.3

EPSS

0.03125

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-3439
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3439
CVE Details	https://www.cvedetails.com/cve/CVE-2015-3439/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!