CVE-2013-2204 - OpenCVE

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tinymce	Media
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:tinymce:media:-:::::::*
	cpe:2.3:a:wordpress:wordpress::::::::
	cpe:2.3:a:wordpress:wordpress:0.71:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.4:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.5:a::::::
	cpe:2.3:a:wordpress:wordpress:1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.3.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.6.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.8:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.9:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.11:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.7.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.4:a::::::
	cpe:2.3:a:wordpress:wordpress:2.8.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.5.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.5.2:::::::*
cpe:2.3:a:wordpress:wordpress:2.8.6:::::::*
cpe:2.3:a:wordpress:wordpress:2.9:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.1.1:::::::*
cpe:2.3:a:wordpress:wordpress:2.9.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.3:::::::*
cpe:2.3:a:wordpress:wordpress:3.3.1:::::::*
cpe:2.3:a:wordpress:wordpress:3.3.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.3.3:::::::*
cpe:2.3:a:wordpress:wordpress:3.4.0:::::::*
cpe:2.3:a:wordpress:wordpress:3.4.1:::::::*
cpe:2.3:a:wordpress:wordpress:3.4.2:::::::*
cpe:2.3:a:wordpress:wordpress:3.5.0:::::::*

No data.

References

Link	Providers
http://codex.wordpress.org/Version_3.5.2
http://wordpress.org/news/2013/06/wordpress-3-5-2/
http://www.debian.org/security/2013/dsa-2718
https://bugzilla.redhat.com/show_bug.cgi?id=976784
https://github.com/moxiecode/moxieplayer/commit/b61ac518ffa2657e2dc9019b2dcf2f3f37dbfab0

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-07-08T20:00:00

Updated: 2024-08-06T15:27:41.131Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2204

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-08T20:55:01.117

Modified: 2013-08-13T17:21:44.043

Link: CVE-2013-2204

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object