VYPR
Medium severity6.1NVD Advisory· Published May 22, 2016· Updated Jun 17, 2026

CVE-2016-4567

CVE-2016-4567

Description

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mediaelementnpm
< 2.11.12.11.1
contao-components/mediaelementPackagist
>= 2.14.2, < 2.21.12.21.1
contao/corePackagist
>= 3.0.0, < 3.5.153.5.15

Affected products

5

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.