{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html"}, {"name": "FEDORA-2015-6778", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157391.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/news/2015/04/wordpress-4-1-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/7933"}, {"name": "74269", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74269"}, {"name": "FEDORA-2015-6790", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html"}, {"name": "1032207", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032207"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://core.trac.wordpress.org/changeset/32168"}, {"name": "DSA-3250", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3250"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://codex.wordpress.org/Version_4.1.2"}, {"name": "FEDORA-2015-6808", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-3439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html", "refsource": "MISC", "url": "http://zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html"}, {"name": "FEDORA-2015-6778", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157391.html"}, {"name": "https://wordpress.org/news/2015/04/wordpress-4-1-2/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2015/04/wordpress-4-1-2/"}, {"name": "https://wpvulndb.com/vulnerabilities/7933", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/7933"}, {"name": "74269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74269"}, {"name": "FEDORA-2015-6790", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html"}, {"name": "1032207", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032207"}, {"name": "https://core.trac.wordpress.org/changeset/32168", "refsource": "CONFIRM", "url": "https://core.trac.wordpress.org/changeset/32168"}, {"name": "DSA-3250", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3250"}, {"name": "http://codex.wordpress.org/Version_4.1.2", "refsource": "CONFIRM", "url": "http://codex.wordpress.org/Version_4.1.2"}, {"name": "FEDORA-2015-6808", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:47:57.771Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html"}, {"name": "FEDORA-2015-6778", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157391.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/news/2015/04/wordpress-4-1-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/7933"}, {"name": "74269", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74269"}, {"name": "FEDORA-2015-6790", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html"}, {"name": "1032207", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032207"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://core.trac.wordpress.org/changeset/32168"}, {"name": "DSA-3250", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3250"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://codex.wordpress.org/Version_4.1.2"}, {"name": "FEDORA-2015-6808", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-3439", "datePublished": "2015-08-05T10:00:00", "dateReserved": "2015-04-28T00:00:00", "dateUpdated": "2024-08-06T05:47:57.771Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB4D4609-5AD6-44F3-B991-74E35A7E5C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B79DE40E-BFA7-43DA-AB42-2812FB207941", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:3.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0FDD6C2-CD33-4812-9962-3BE73D450C33", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E372A3D2-FCB5-4A74-840D-EC03732FCC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22427650-230D-4CB0-BACC-723B9B2CDC31", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "18F20563-46BB-4E5C-BEF5-122A32C76261", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "74AF56DD-82D6-4100-B82C-536C46358B07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el shim Ephox (anteriormente Moxiecode) plupload.flash.swf 2.1.2 en Plupload, tal como se utiliza en WordPress 3.9.x, 4.0.x y 4.1.x en versiones anteriores a 4.1.2 y otros productos, permite a atacantes remotos ejecutar funciones JavaScript del mismo origen a trav\u00e9s del par\u00e1metro target, seg\u00fan lo demostrado ejecutando cierta funci\u00f3n de clic, relacionada con _init.as y _fireEvents.as."}], "id": "CVE-2015-3439", "lastModified": "2016-12-06T03:01:00.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-08-05T10:59:00.263", "references": [{"source": "security@debian.org", "tags": ["Exploit", "Patch"], "url": "http://codex.wordpress.org/Version_4.1.2"}, {"source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157391.html"}, {"source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html"}, {"source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2015/dsa-3250"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/74269"}, {"source": "security@debian.org", "url": "http://www.securitytracker.com/id/1032207"}, {"source": "security@debian.org", "tags": ["Exploit"], "url": "http://zoczus.blogspot.com/2015/04/plupload-same-origin-method-execution.html"}, {"source": "security@debian.org", "url": "https://core.trac.wordpress.org/changeset/32168"}, {"source": "security@debian.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://wordpress.org/news/2015/04/wordpress-4-1-2/"}, {"source": "security@debian.org", "url": "https://wpvulndb.com/vulnerabilities/7933"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}