CVE-2016-4567: Cross-site Scripting

May 21, 2016 (updated December 2, 2016)

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by jsinitfunctio%gn."

References

contao.org/en/news/contao-3_5_15.html

Code Behaviors & Features

Detect and mitigate CVE-2016-4567 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →