Cross site scripting

2020-02-2018:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.

CPENameOperatorVersion
jw_playerle5.10.2295

CPE	Name	Operator	Version
	jw_player	le	5.10.2295

References

developer.longtailvideo.com/trac/ticket/1585

technet.microsoft.com/security/msvr/msvr12-009

www.exploit-db.com/exploits/37552

www.exploit-db.com/exploits/37672

www.securityfocus.com/bid/54101/discuss

www.securityfocus.com/bid/55199/exploit