Vulnerabilities related to mediaelementjs - mediaelement.js
Vulnerability from fkie_nvd
Published
2014-02-05 15:10
Modified
2025-04-11 00:51
Severity
4.3 (Medium) - AV:N/AC:M/Au:N/C:N/I:P/A:N (CVSS 2.0)
Summary
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAA26473-CFC6-47C4-AFE2-3054009C72B1", "versionEndIncluding": "2.11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "240CE762-4A1C-4DA2-B3B2-CA62EE52D0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "07E7E16E-4CEE-4A52-BBFB-A6B91F554F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF3BBB9D-E51F-45CE-80A2-8C941C61D226", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1DE56777-4889-4EA5-ACCE-30E9BD4160BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2661722-5819-4A10-8E20-F55742FC4142", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0D578448-06BC-4357-9869-F6A82ADF8454", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "61F877B3-EB9D-4EC1-8C41-47AC43D2B4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1917822-5F80-4D6B-B0EC-FBD19D6838B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66323183-39E6-4B61-8D02-31BABE830742", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A1A46F6-4BD6-4C4D-BB80-C6F0248EBA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D1FD461-CBFA-47B5-AFA9-F53493564CEC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "63CA46F2-D56C-4623-873F-03F76AE0967A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D48EC6C3-FA37-4EBF-8E5E-3A2642078CE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C4067F47-07AE-49FD-ABF4-33639E1F82E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F6982962-AF0F-4FBD-BEFE-684D82155DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB916FFE-72D0-4952-A253-6AE469A390F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "688FC4B8-B09F-4F7D-98A5-B58127112588", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F6A45E1-EC36-4E80-8893-8BE16E8FBBD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA3BB08E-6D8E-4E38-8899-B464D49FCC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9FEE2BB-48F2-41D5-BB15-C8A999406416", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6A486DBC-85B8-4FEA-A353-EB31BEE48FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AF65E521-43E8-4264-8871-59DA99ECF989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBAA10E4-CDBA-4FD5-8651-F7598FA77129", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "33CBE52A-ACEA-4111-B3E6-AB1336F171B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3AF7654-E0E0-48EC-91BA-806F79391472", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "760B1D50-D216-4931-ACE0-1A1F4C317988", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0CE0548B-A35B-431E-B42B-84CAB8E4EC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB61B69A-66B9-4C5C-A16B-1C3F9EEB15DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5A65BF1E-61C7-4600-A1D0-D41D16A136A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4673260C-72A4-4E1F-8762-94A511828701", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "AEF5E7B9-08F9-40C4-BD4C-F540777BADCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "64830A8B-3066-4128-B66B-72EE83B3AEDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E92C560A-8541-4E13-8605-D9821E2F2BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "922C630F-B3AE-4FB6-BE62-02D86E71ADF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D07ED7E1-44B4-48A1-82B2-8E293E0AB65F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C35E695A-D051-49C0-8CED-1BF8BBE1DA81", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6BDED28-1792-4B00-816A-F25AA3B63C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFF363EE-4C2C-46C5-91A0-41BEC3C35B5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0FF4CF6E-0DAC-4F8F-8C26-00261B2A5A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "81E2112D-E069-43DF-AC97-413833190790", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "18B789B0-EA7B-4374-BC57-6889B6734715", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EFCB4FBC-DE26-4DFE-BC54-D4D9FBD4A968", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "469C4EF8-269F-4720-A795-EFBD4E416E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5D42F6-7503-4CDE-88D0-CD864B4DDBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAFAE329-FED7-4605-9412-0EC179052DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F299E7B-91F8-43DA-816A-B57D39578A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "72D1457F-B1BD-4F6C-AA9E-25E2C5A6CA5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C83BD72-FF91-459C-AB43-535ECF32F356", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "D4BC3D75-F2D8-4F07-994D-68F6D1BCFA1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C91E7FF3-72B0-4259-8251-57E4C8EDA96E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4B8CB5D-0C8C-48C2-AC35-8892345FC15D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "53EE9E64-AD8E-4977-A4A5-4844F1754A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E20C7FBF-A9D5-42B0-A158-A96350F04DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E011E781-BC0D-4F82-990B-D6C3D9399D38", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "87334357-BC8E-4D84-80EC-DC4F5875BB76", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "44BC2156-5E22-4E91-ACFE-5FED3E243202", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7A207B2-EF39-4B7D-A5CA-7888104A048C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BFDA2F2-1C4A-4F88-9064-C1B2BED96A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6359E2E1-D5E3-447D-AED4-8ECACF519744", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A36FA3C-15AE-451E-8501-EC16BC724B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEFE7414-9B96-4F1D-91C5-CC696EAB9453", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "EAF94D01-0957-4813-B7AE-83203C641375", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF0A4102-E5EB-4506-8885-1ED8E4E40D71", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B5C825F-7EEF-41B7-96BF-0422F8362321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "03DBF23C-CFDC-4B45-85A6-308FC2B3B6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA8D9B75-C502-41DF-9BF4-443431B1EC7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D0A0BE7-DC7B-4F26-8E76-C91D32B16A39", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "43977908-CF0D-4506-B79D-CB6BBB103202", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "B10A7BBC-ACEF-4688-BC82-8A2A3DA2495C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6CC7114-7EAF-4328-8026-11A7C988E379", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "56D46962-C2C4-4468-9DB0-15AFF4FE8032", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8577131-CCE2-4B98-8763-8F99E267BD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "79A6F6FF-7E31-4337-93E0-ED05D3D698D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"C21E9F9A-5734-4819-8845-E82ADC29ABD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D57EBB84-E1B2-44F4-BD7B-8D4A79A2E2D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E90708D-CA85-4034-ADA7-72522812CEF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA2C4F18-4056-4ED3-B1E7-C945849FE97C", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "DE1FA818-0C13-4F41-9AF8-F31B035491F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F48864EB-2863-4C12-8F3B-DC90C29F6719", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "CACD6812-4C89-46C9-B483-96829102157F", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D89BE316-CE49-49CB-85FB-B93C86E07276", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD902884-4F28-4AF6-A8D7-A6CD15048B0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B18395A6-B385-4ADB-9278-5F59FF339F1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "94834DA8-247E-4A53-A95A-708AF7F9AC4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "35203A98-76CE-4475-9C4A-60E6A1990B8A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 
4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en flashmediaelement.swf en MediaElement.js anterior a 2.11.2, utilizado en OwnCloud Server 5.0.x anterior a 5.0.5 y 4.5.x anterior a 4.5.10, permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s del par\u00e1metro file." } ], "id": "CVE-2013-1967", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-05T15:10:05.017", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q2/111" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q2/133" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53079" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd" }, { "source": "secalert@redhat.com", "url": 
"https://github.com/johndyer/mediaelement/tree/2.11.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q2/111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://seclists.org/oss-sec/2013/q2/133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/johndyer/mediaelement/tree/2.11.1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-05-22 01:59
Modified
2025-04-12 10:46
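Severity
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - AV:N/AC:M/Au:N/C:N/I:P/A:N (CVSS 2.0)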
Summary
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
References
Impacted products
Vendor | Product | Version |
---|---|---|
mediaelementjs | mediaelement.js | * (up to and including 2.20.1) |
wordpress | wordpress | * (up to and including 4.5.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C1F3E4B-3818-4C0E-9BFA-B2183A8CE8D5", "versionEndIncluding": "2.20.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE5AB579-3BD2-49C4-9260-E8FB37637360", "versionEndIncluding": "4.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by \"jsinitfunctio%gn.\"" }, { "lang": "es", "value": "Vulnerabilidad de XSS en flash/FlashMediaElement.as en MediaElement.js en versiones anteriores a 2.21.0, como se utiliza en WordPress en versiones anteriores a 4.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un formulario ofuscado del par\u00e1metro jsinitfunction, como es demostrado por \"jsinitfunctio%gn\"." 
} ], "id": "CVE-2016-4567", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-22T01:59:31.230", "references": [ { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/05/07/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035818" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codex.wordpress.org/Version_4.5.2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://core.trac.wordpress.org/changeset/37371" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/johndyer/mediaelement/blob/master/changelog.md" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2016/05/wordpress-4-5-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://wpvulndb.com/vulnerabilities/8488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/05/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codex.wordpress.org/Version_4.5.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://core.trac.wordpress.org/changeset/37371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/johndyer/mediaelement/blob/master/changelog.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2016/05/wordpress-4-5-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://wpvulndb.com/vulnerabilities/8488" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-30 21:15
Modified
2025-04-21 13:58
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.
References
▶ | URL | Tags | |
---|---|---|---|
contact@wpscan.com | https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
mediaelementjs | mediaelement.js | * (WordPress plugin, up to and including 4.2.8) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B018E086-49DB-48C3-95A1-BE17E324E738", "versionEndIncluding": "4.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins." }, { "lang": "es", "value": "El complemento MediaElement.js de WordPress hasta la versi\u00f3n 4.2.8 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de colaborador realizar ataques de cross-site scripting almacenado que podr\u00edan ser utilizados contra usuarios con altos privilegios, como administradores." 
} ], "id": "CVE-2022-4699", "lastModified": "2025-04-21T13:58:19.353", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-01-30T21:15:11.907", "references": [ { "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9" } ], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
CVE-2016-4567 (GCVE-0-2016-4567)
Vulnerability from cvelistv5
Published
2016-05-22 01:00
Modified
2024-08-06 00:32
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:26.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/johndyer/mediaelement/blob/master/changelog.md" }, { "name": "[oss-security] 20160507 CVE Request: wordpress and mediaelement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/07/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codex.wordpress.org/Version_4.5.2" }, { "name": "1035818", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035818" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wpvulndb.com/vulnerabilities/8488" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wordpress.org/news/2016/05/wordpress-4-5-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.trac.wordpress.org/changeset/37371" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by \"jsinitfunctio%gn.\"" } ], "problemTypes": [ { "descriptions": [ { "description": 
"n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-29T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/johndyer/mediaelement/blob/master/changelog.md" }, { "name": "[oss-security] 20160507 CVE Request: wordpress and mediaelement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/07/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codex.wordpress.org/Version_4.5.2" }, { "name": "1035818", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035818" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wpvulndb.com/vulnerabilities/8488" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wordpress.org/news/2016/05/wordpress-4-5-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.trac.wordpress.org/changeset/37371" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4567", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by 
\"jsinitfunctio%gn.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/johndyer/mediaelement/blob/master/changelog.md", "refsource": "CONFIRM", "url": "https://github.com/johndyer/mediaelement/blob/master/changelog.md" }, { "name": "[oss-security] 20160507 CVE Request: wordpress and mediaelement", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/05/07/2" }, { "name": "https://codex.wordpress.org/Version_4.5.2", "refsource": "CONFIRM", "url": "https://codex.wordpress.org/Version_4.5.2" }, { "name": "1035818", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035818" }, { "name": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c", "refsource": "MISC", "url": "https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c" }, { "name": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e", "refsource": "CONFIRM", "url": "https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e" }, { "name": "https://wpvulndb.com/vulnerabilities/8488", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8488" }, { "name": "https://wordpress.org/news/2016/05/wordpress-4-5-2/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2016/05/wordpress-4-5-2/" }, { "name": "https://core.trac.wordpress.org/changeset/37371", "refsource": "CONFIRM", "url": "https://core.trac.wordpress.org/changeset/37371" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4567", "datePublished": "2016-05-22T01:00:00", "dateReserved": "2016-05-07T00:00:00", "dateUpdated": "2024-08-06T00:32:26.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4699 (GCVE-0-2022-4699)
Vulnerability from cvelistv5
Published
2023-01-30 20:31
Modified
2025-03-27 19:24
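Severity
5.4 (Medium), CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, as scored in the CISA-ADP container of the record below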
Summary
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.
References
Impacted products
Vendor | Product | Version
---|---|---
Unknown | MediaElement.js | Version: 0 through 4.2.8 (lessThanOrEqual 4.2.8; status: affected)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:39.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-4699", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T19:23:19.355601Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-27T19:24:11.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "affected", "product": "MediaElement.js", "vendor": "Unknown", "versions": [ { "lessThanOrEqual": "4.2.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lana Codes" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before 
outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T20:31:47.064Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9" } ], "source": { "discovery": "EXTERNAL" }, "title": "MediaElement.js \u2013 HTML5 Video \u0026 Audio Player \u003c= 4.2.8 - Contributor+ Stored XSS via Shortcode", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-4699", "datePublished": "2023-01-30T20:31:47.064Z", "dateReserved": "2022-12-23T16:31:50.044Z", "dateUpdated": "2025-03-27T19:24:11.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1967 (GCVE-0-2013-1967)
Vulnerability from cvelistv5
Published
2014-02-05 15:00
Modified
2024-08-06 15:20
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mediaelementjs-flashmediaelement-xss(83647)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307" }, { "name": "[oss-security] 20130417 Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q2/111" }, { "name": "53079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53079" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017" }, { "name": "[oss-security] 20130421 ownCloud Security Advisories (2013-017, 2013-018)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q2/133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/johndyer/mediaelement/tree/2.11.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "mediaelementjs-flashmediaelement-xss(83647)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307" }, { "name": "[oss-security] 20130417 Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q2/111" }, { "name": "53079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53079" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017" }, { "name": "[oss-security] 20130421 ownCloud Security Advisories (2013-017, 2013-018)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q2/133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/johndyer/mediaelement/tree/2.11.1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1967", "datePublished": "2014-02-05T15:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }