Lucene search

MitreCVE-2012-3351

HistoryFeb 20, 2020 - 6:15 p.m.

CVE-2012-3351

2020-02-2018:15:11

CWE-79

mitre

web.nvd.nist.gov

cve-2012-3351

xss

longtail video

jw player

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.01

Percentile

83.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.

Affected configurations

Nvd

Node

longtailvideojw_playerRange≤5.10.2295

VendorProductVersionCPE
longtailvideojw_player*cpe:2.3:a:longtailvideo:jw_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
longtailvideo	jw_player	*	cpe:2.3:a:longtailvideo:jw_player::::::::

References

developer.longtailvideo.com/trac/ticket/1585

technet.microsoft.com/security/msvr/msvr12-009

www.exploit-db.com/exploits/37552

www.exploit-db.com/exploits/37672

www.securityfocus.com/bid/54101/discuss

www.securityfocus.com/bid/55199/exploit

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.01

Percentile

83.3%

JSON

Related for CVE-2012-3351