CVE-2013-2204 in WordPressinformazioni

Riassunto

di MITRE

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Prenotare

19/02/2013

Divulgazione

08/07/2013

Moderazione

accettato

CPE

pronto

EPSS

0.02904

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!