4.7
CVE-2016-9263
- EPSS 1.24%
- Veröffentlicht 12.10.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWordPress Core < 4.9.1 - Cross-domain Flash injection
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.25, 3.8.25, 3.9.24, 4.0.22, 4.1.22, 4.2.19, 4.3.15, 4.4.14, 4.5.13, 4.6.10, 4.7.9, 4.8.5, 4.9.2
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
[*, 3.7)
Version
3.7 - 3.7.24
Version
3.8 - 3.8.24
Version
3.9 - 3.9.23
Version
4.0 - 4.0.21
Version
4.1 - 4.1.21
Version
4.2 - 4.2.18
Version
4.3 - 4.3.14
Version
4.4 - 4.4.13
Version
4.5 - 4.5.12
Version
4.6 - 4.6.9
Version
4.7 - 4.7.8
Version
4.8 - 4.8.4
Version
4.9 - 4.9.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1.6 | 2.7 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.