[MEDIUM] Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

PKSA-v6fz-d2wr-384f CVE-2016-4567 GHSA-277w-qpxr-2549

Affected package: contao/core

Affected version: >=3.0.0,<3.5.15

Reported by:
FriendsOfPHP/security-advisories, GitHub