WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-12T16:00:00
Updated: 2024-08-06T02:42:11.252Z
Reserved: 2016-11-10T00:00:00
Link: CVE-2016-9263
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-10-12T16:29:00.247
Modified: 2017-10-26T16:22:14.447
Link: CVE-2016-9263
Redhat
No data.