CVEDB API

Vulnerabilities

Vulnerable Software

Mediaelementjs: >> Mediaelement.js Security Vulnerabilities

CVE-2022-4699

The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

CVSS Score

5.4

EPSS Score

0.002

Published

2023-01-30

CVE-2016-4567

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

CVSS Score

6.1

EPSS Score

0.039

Published

2016-05-22

CVE-2013-1967

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CVSS Score

4.3

EPSS Score

0.005

Published

2014-02-05

Page 1

Vulnerabilities

Vulnerable Software

Mediaelementjs: >> Mediaelement.js Security Vulnerabilities

Products

Pricing

Contact Us