Filedescriptor

Researcher fromCure53
#16287of 53,622
16.5Total CVSS
Vulnerabilities · 3
Medium
3
PT-2016-6026
6.1
2016-05-22
Plupload · Plupload · CVE-2016-4566
**Name of the Vulnerable Software and Affected Versions** Plupload versions prior to 2.1.9 WordPress versions prior to 4.5.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. **Recommendations** For Plupload versions prior to 2.1.9, update to version 2.1.9 or later. For WordPress versions prior to 4.5.2, update to version 4.5.2 or later.
PT-2016-6027
6.1
2016-05-22
John Dyer · Mediaelement.Js · CVE-2016-4567
**Name of the Vulnerable Software and Affected Versions** MediaElement.js versions prior to 2.21.0 WordPress versions prior to 4.5.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the `jsinitfunction` parameter. This can be demonstrated by using "jsinitfunctio%gn" as an example of the obfuscated form. **Recommendations** For MediaElement.js versions prior to 2.21.0, update to version 2.21.0 or later to resolve the issue. For WordPress versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `flash/FlashMediaElement.swf` file in MediaElement.js until a patch is available. Avoid using the `jsinitfunction` parameter in its obfuscated form until the issue is resolved.
PT-2015-5194
4.3
2015-07-21
Opera · Opera · CVE-2015-1287
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 Opera (affected versions not specified) **Description** The issue enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type. This allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. **Recommendations** For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.