Description

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

Remediation

References

CVE-2015-3439

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2006-2960)

WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)

Drupal Other Vulnerability (CVE-2016-3167)

Oracle Database Server Credentials Management Errors Vulnerability (CVE-2007-6260)

PHP version older than 5.2.8

Severity

Medium

Classification

CVE-2015-3439 CWE-707

Tags

Missing Update Known Vulnerabilities