Lucene search
K

297 matches found

OSV
OSV
added 2021/01/15 5:15 p.m.1 views

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

5.4CVSS6.2AI score0.0092EPSS
Exploits1References2
NVD
NVD
added 2021/01/15 5:15 p.m.13 views

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

5.4CVSS5.2AI score0.0092EPSS
Exploits1References2
Prion
Prion
added 2021/01/15 5:15 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

3.5CVSS5.1AI score0.0092EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/01/15 4:50 p.m.12 views

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

5.2AI score0.0092EPSS
Exploits1References2
CVE
CVE
added 2021/01/15 4:50 p.m.76 views

CVE-2020-35748

FV Flowplayer Video Player plugin for WordPress is affected by a cross-site scripting (XSS) vulnerability in models/list-table.php, fixed in versions 7.4.38.727 and later. The issue allows remote authenticated users to inject arbitrary script/HTML via the fv_wp_fvvideoplayer_src field in the data...

5.4CVSS5.1AI score0.0092EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/15 12:0 a.m.17 views

FV Flowplayer Video Player < 7.4.38.727 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the fvwpfvvideoplayersrc parameter when creating or editing the video player, which will then be triggered when viewing the table of players in the admin dashboard...

3.5CVSS3.1AI score0.0092EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2021/01/15 12:0 a.m.19 views

WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Arcangelo Saracino in WordPress FV Flowplayer Video Player plugin versions = 7.4.37.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.4.38.727...

5.4CVSS2.9AI score0.0092EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/01/15 12:0 a.m.8 views

WordPress FV Flowplayer Video Player 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. relevant is a relevant content display plugin used in it. A cross-site...

5.4CVSS6.1AI score0.0092EPSS
Exploits1References3
NVD
NVD
added 2020/02/14 8:15 p.m.48 views

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...

9.8CVSS9.7AI score0.76415EPSS
Exploits5References5
Prion
Prion
added 2020/02/14 8:15 p.m.19 views

Remote code execution

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...

7.5CVSS8.2AI score0.76415EPSS
Exploits5References5Affected Software1
Cvelist
Cvelist
added 2020/02/14 7:59 p.m.43 views

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...

9.7AI score0.76415EPSS
Exploits5References5
NVD
NVD
added 2020/02/08 4:15 p.m.40 views

CVE-2011-3642

Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...

9.6CVSS8AI score0.07263EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2020/02/08 4:15 p.m.29 views

CVE-2011-3642

Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...

9.6CVSS7.3AI score0.07263EPSS
Exploits1References2
Prion
Prion
added 2020/02/08 4:15 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...

6.8CVSS6.2AI score0.07263EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2020/02/08 3:46 p.m.117 views

CVE-2011-3642

Summary : CVE-2011-3642 is an XSS flaw in Flowplayer Flash (versions 3.2.7–3.2.16) used by the TYPO3 News system extension (and Mahara). An attacker can inject arbitrary script/HTML via the plugin configuration directive that references an external domain plugin, potentially compromising site use...

9.6CVSS7.7AI score0.07263EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2020/02/08 3:46 p.m.27 views

CVE-2011-3642

Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...

7.9AI score0.07263EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2019/09/24 12:0 a.m.15 views

FV Flowplayer Video Player Plugin for WordPress < 7.3.19.727 SQL Injection

The WordPress FV Flowplayer Video Player Plugin installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information a...

10CVSS7.8AI score0.04371EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/08/29 12:0 a.m.19 views

WordPress FV Flowplayer Video Player Plugin < 7.3.15.727 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113485";...

5.3CVSS5.4AI score0.01516EPSS
Exploits1References2
CNVD
CNVD
added 2019/08/20 12:0 a.m.3 views

WordPress FV Flowplayer Video Player Plugin Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. An information disclosure vulnerability exists in the...

5.3CVSS6.1AI score0.01516EPSS
Exploits1References1
OSV
OSV
added 2019/08/15 3:15 p.m.4 views

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI...

5.3CVSS6.1AI score0.01516EPSS
Exploits1References2
Rows per page
Query Builder