CVE-2013-2023

2013-08-1517:55:00

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

cross-site scripting

xss

jplayer

flash

swf

cve-2013-2023

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

CPENameOperatorVersion
happyworm:jplayerhappyworm jplayereq2.0.1
happyworm:jplayerhappyworm jplayereq2.1.2
happyworm:jplayerhappyworm jplayereq0.2.5
happyworm:jplayerhappyworm jplayereq2.0.29
happyworm:jplayerhappyworm jplayereq2.2.4
happyworm:jplayerhappyworm jplayereq2.0.22
happyworm:jplayerhappyworm jplayereq2.2.18
happyworm:jplayerhappyworm jplayereq2.0.23
happyworm:jplayerhappyworm jplayereq2.2.14
happyworm:jplayerhappyworm jplayereq1.1.1

CPE	Name	Operator	Version
happyworm:jplayer	happyworm jplayer	eq	2.0.1
happyworm:jplayer	happyworm jplayer	eq	2.1.2
happyworm:jplayer	happyworm jplayer	eq	0.2.5
happyworm:jplayer	happyworm jplayer	eq	2.0.29
happyworm:jplayer	happyworm jplayer	eq	2.2.4
happyworm:jplayer	happyworm jplayer	eq	2.0.22
happyworm:jplayer	happyworm jplayer	eq	2.2.18
happyworm:jplayer	happyworm jplayer	eq	2.0.23
happyworm:jplayer	happyworm jplayer	eq	2.2.14
happyworm:jplayer	happyworm jplayer	eq	1.1.1