WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
References
Link | Resource |
---|---|
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ | Release Notes Vendor Advisory |
https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 | Patch |
https://codex.wordpress.org/Version_4.9.2 | Product Vendor Advisory |
https://wpvulndb.com/vulnerabilities/9006 | Third Party Advisory |
Configurations
Information
Published : 2018-01-18 14:29
Updated : 2018-02-01 07:06
NVD link : CVE-2018-5776
Mitre link : CVE-2018-5776
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wordpress
- wordpress