Skip to main content
CVE-2015-3439 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
3.1%
CVE-2015-3438 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2015-4167 MEDIUM This Month

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Debian Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy