Fedora 18 : gallery3-3.0.8-1.fc18 (2013-10138)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

Fedora 19 : gallery3-3.0.8-1.fc19 (2013-10032)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

Gallery < 3.0.5 Multiple Vulnerabilities

According to its version number, the Gallery install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by a cross-site scripting XSS vulnerability because it fails to properly sanitize user-supplied input to the 'Module Name' field in the...

CVE-2012-6528

ATutor before 2.1 contains multiple cross-site scripting (XSS) vulnerabilities exploitable via PATH_INFO in several endpoints (themes/default/tile_search/index.tmpl.php, login.php, search.php, password_reminder.php, login.php/jscripts/infusion, login.php/mods/_standard/flowplayer, browse.php/jscr...

ATutor 2.0.3 Multiple XSS vulnerabilities

Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities Advisory ID: SSCHADV2012-002 Author: Stefan Schurtz Affected Software: Successfully tested on ATutor 2.0.3 Vendor URL: http://atutor.ca Vendor Status: informed ========================== Vulnerability Description ========================== ATuto...

CVE-2011-4568

Cross-site scripting XSS vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI...

Cross site scripting

Cross-site scripting XSS vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2011-4568

CVE-2011-4568 affects the Flowplayer WP plugin: XSS via view/frontend-head.php in versions before 1.2.12, allowing remote attackers to inject arbitrary script/HTML through the URI. Impact is remote code execution in the context of the user’s browser (depending on login) with partial integrity imp...

CVE-2011-4568

Cross-site scripting XSS vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI...

WordPress Flowplayer Plugin <= 1.2.11 - XSS

Because of this vulnerability in view/frontend-head.php, the attackers can inject arbitrary web script or HTML via the URI. Solution Update the plugin...

Flowplayer 3.2.7 - linkUrl Cross-Site Scripting

Flowplayer 3.2.7 - linkUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/48651/info Flowplayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage thi...

Flowplayer 3.2.7 - &#039;linkUrl&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/48651/info Flowplayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...