CVE-2015-3439
Published: 5 August 2015
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
Notes
| Author | Note |
|---|---|
| tyhicks | 3.9 to 4.1.1 are affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
wordpress Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(4.4.2+dfsg-1ubuntu1)
|
|
| lucid |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Released
(4.2+dfsg-1)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(4.4.2+dfsg-1ubuntu1)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|