Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js prior to 2.21.0, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediaelementjs mediaelement.js |
||
wordpress wordpress |