Cross site scripting

2021-10-0616:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

45.1%

JSON

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.

CPENameOperatorVersion
fv_flowplayer_video_playerge7.5.0.727
fv_flowplayer_video_playerle7.5.2.727

CPE	Name	Operator	Version
	fv_flowplayer_video_player	ge	7.5.0.727
	fv_flowplayer_video_player	le	7.5.2.727

References

plugins.trac.wordpress.org/changeset/2580834/fv-wordpress-flowplayer/trunk/view/stats.php

www.wordfence.com/vulnerability-advisories/

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for PRION:CVE-2021-39350