NVD

Id
20182  
Name
CVE-2016-4566  
Description
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-05-21  
Modified Date
2016-12-02  
Seq
2016-4566  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
110204 20182 CVE-2016-4566 [oss-security] 20160507 CVE Request: wordpress and mediaelement  View
110205 20182 CVE-2016-4566 http://www.plupload.com/punbb/viewtopic.php?pid=28690  View
110206 20182 CVE-2016-4566 1035818  View
110207 20182 CVE-2016-4566 https://codex.wordpress.org/Version_4.5.2  View
110208 20182 CVE-2016-4566 https://core.trac.wordpress.org/changeset/37382/  View
110209 20182 CVE-2016-4566 https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e  View
110210 20182 CVE-2016-4566 https://wordpress.org/news/2016/05/wordpress-4-5-2/  View
110211 20182 CVE-2016-4566 https://wpvulndb.com/vulnerabilities/8489  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2102 JVNDB-2016-002875 WordPress で使用される Plupload の plupload.flash.swf におけるクロスサイトスクリプティングの脆弱性 WordPress で使用される Plupload の plupload.flash.swf には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2016-4566 91072 CVE-2016-4566 20182 4.3 6.1 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002875.html 2016-05-15 2016-05-25 View