297 matches found
CVE-2020-35748
Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
CVE-2020-35748
Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
CVE-2020-35748
Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
CVE-2020-35748
FV Flowplayer Video Player plugin for WordPress is affected by a cross-site scripting (XSS) vulnerability in models/list-table.php, fixed in versions 7.4.38.727 and later. The issue allows remote authenticated users to inject arbitrary script/HTML via the fv_wp_fvvideoplayer_src field in the data...
FV Flowplayer Video Player < 7.4.38.727 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise the fvwpfvvideoplayersrc parameter when creating or editing the video player, which will then be triggered when viewing the table of players in the admin dashboard...
WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by Arcangelo Saracino in WordPress FV Flowplayer Video Player plugin versions = 7.4.37.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.4.38.727...
WordPress FV Flowplayer Video Player 跨站脚本漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. relevant is a relevant content display plugin used in it. A cross-site...
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
Remote code execution
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
CVE-2011-3642
Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...
CVE-2011-3642
Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...
Cross site scripting
Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...
CVE-2011-3642
Summary : CVE-2011-3642 is an XSS flaw in Flowplayer Flash (versions 3.2.7–3.2.16) used by the TYPO3 News system extension (and Mahara). An attacker can inject arbitrary script/HTML via the plugin configuration directive that references an external domain plugin, potentially compromising site use...
CVE-2011-3642
Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...
FV Flowplayer Video Player Plugin for WordPress < 7.3.19.727 SQL Injection
The WordPress FV Flowplayer Video Player Plugin installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information a...
WordPress FV Flowplayer Video Player Plugin < 7.3.15.727 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113485";...
WordPress FV Flowplayer Video Player Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. An information disclosure vulnerability exists in the...
CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI...