CVE-2016-4567 : Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in Word

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

Published 2016-05-22 01:59:31

Updated 2016-12-02 23:01:43

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Threat overview for CVE-2016-4567

Top countries where our scanners detected CVE-2016-4567

Top open port discovered on systems with this issue 80

IPs affected by CVE-2016-4567 13

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-4567!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-4567

Probability of exploitation activity in the next 30 days: 0.51%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-4567

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2016-4567

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4567

https://wordpress.org/news/2016/05/wordpress-4-5-2/

News – WordPress 4.5.2 Security Release – WordPress.org
Patch;Vendor Advisory

CVEs referencing this url
https://wpvulndb.com/vulnerabilities/8488

WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
Third Party Advisory
https://core.trac.wordpress.org/changeset/37371

Changeset 37371 – WordPress Trac
Patch
https://github.com/johndyer/mediaelement/blob/master/changelog.md

mediaelement/changelog.md at master · mediaelement/mediaelement · GitHub
Patch;Vendor Advisory
http://www.securitytracker.com/id/1035818

WordPress Input Validation Flaws in 'MediaElement' and 'Plupload' Let Remote Conduct Cross-Site Scripting Attacks - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c

WordPress Flash XSS in flashmediaelement.swf · GitHub
Third Party Advisory
https://codex.wordpress.org/Version_4.5.2

Version 4.5.2 | WordPress.org
Patch;Vendor Advisory

CVEs referencing this url
https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e

Simplify allowed Flash querystring parameters · mediaelement/mediaelement@34834ee · GitHub
Patch;Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/05/07/2

oss-security - CVE Request: wordpress and mediaelement

CVEs referencing this url

Products affected by CVE-2016-4567