📦

mediaelement.js

Vendor: mediaelementjs

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 1.67% Exploit Prob.

Latest CVE CVE-2022-4699 Jan 30

Security Vulnerability Index

Page 1 / 1

5.4 CVSS

CVE-2022-4699

The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

EPSS: 0.30%

Severity: MEDIUM

Jan 30, 2023

6.1 CVSS

CVE-2016-4567

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

EPSS: 4.15%

Severity: MEDIUM

May 22, 2016

4.3 CVSS

CVE-2013-1967

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

EPSS: 0.57%

Severity: MEDIUM

Feb 05, 2014

Displaying 3 of 5 Total Entries

Total 1 Sections