Lucene search
K

64 matches found

Patchstack
Patchstack
added 2024/04/22 12:0 a.m.12 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.43.7212 is vulnerable to Server Side Request Forgery (SSRF)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.43.7212 Fixed in 7.5.45.7212 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32955 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID...

4.9CVSS6.6AI score0.00254EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.9 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.41.7212 Fixed in 7.5.44.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22299 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f54d6f5d663 Credits Rafie...

7.1CVSS6.5AI score0.00394EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-19320 · Unknown · Fv Flowplayer Video Player

Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player versions n/a through 7.5.41.7212 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS. Recommendations: For...

7.1CVSS9.4AI score0.00394EPSS
Exploits0References5
NVD
NVD
added 2024/03/19 3:15 p.m.20 views

CVE-2024-29122

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212...

6.5CVSS6.5AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.4 views

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/16 12:0 a.m.12 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.41.7212 Fixed in 7.5.44.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29122 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c4975faa05b5 Credits Byeongjun Jo...

6.5CVSS6.6AI score0.0034EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/08/25 12:0 a.m.13 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.37.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.37.7212 Fixed in 7.5.39.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4520 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d232095d565d...

6.1CVSS5.6AI score0.00471EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/18 3:15 p.m.13 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.32.7212 versions...

5.8CVSS6AI score0.00396EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/18 2:41 p.m.37 views

CVE-2023-30499

CVE-2023-30499 refers to an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability in the FolioVision FV Flowplayer Video Player plugin for WordPress, affected versions

7.1CVSS6AI score0.00396EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/03 12:0 a.m.9 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.32.7212 Fixed in 7.5.35.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30499 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 08f2f9dc3464...

7.1CVSS5.6AI score0.00396EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/02/14 6:15 a.m.19 views

CVE-2023-25066

Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References1
Prion
Prion
added 2023/02/14 6:15 a.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...

6.8CVSS8.7AI score0.00271EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/14 5:32 a.m.10 views

CVE-2023-25066 WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...

4.3CVSS8.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2022/12/19 2:15 p.m.15 views

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/19 1:41 p.m.18 views

CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.6AI score0.00471EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.8 views

CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2022/12/19 1:41 p.m.67 views

CVE-2022-3984

CVE-2022-3984 concerns the Flowplayer Video Player WordPress plugin, affected versions prior to 1.0.5. The root cause is failure to validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as Contributor. The compromise vector is via crafted shortco...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/11/22 12:0 a.m.16 views

WordPress Flowplayer Video Player plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Flowplayer Video Player plugin versions = 1.0.4. Solution Update the WordPress Flowplayer Video Player plugin to the latest available version at least 1.0.5...

3.1AI score0.00471EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/04/04 7:46 p.m.76 views

CVE-2022-25613

Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions

5.4CVSS4.7AI score0.00549EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/03/22 12:0 a.m.18 views

WordPress FV Flowplayer Video Player plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress FV Flowplayer Video Player plugin version 7.5.15.727 and earlier versions are vulnerable to SQL injection. The vulnerability...

7.2CVSS4AI score0.00795EPSS
Exploits0References1
Rows per page
Query Builder