Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2013-1942

HistoryAug 15, 2013 - 5:55 p.m.

CVE-2013-1942

2013-08-1517:55:00

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.

OSVersionArchitecturePackageVersionFilename
Debian9alljquery-jplayer< 2.7.1+dfsg-1jquery-jplayer_2.7.1+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	jquery-jplayer	< 2.7.1+dfsg-1	jquery-jplayer_2.7.1+dfsg-1_all.deb

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for DEBIANCVE:CVE-2013-1942