EUVD-2022-1996

Malicious code in bioql PyPI...

EUVD-2022-30273

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2013-7343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web...

Linux Distros Unpatched Vulnerability : CVE-2013-7342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web...

Linux Distros Unpatched Vulnerability : CVE-2013-7341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, a...

CVE-2024-29122

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212...

CVE-2024-32078

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212...

CVE-2024-32955

Server-Side Request Forgery SSRF vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212...

CVE-2023-30499

Unauth. Reflected Cross-Site Scripting XSS vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.32.7212 versions...

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export;=1 URI...

CVE-2019-14801

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection...

CVE-2019-14799

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS...

CVE-2011-4568

Cross-site scripting XSS vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2024-22299

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212...

WordPress FV Flowplayer Video Player plugin <= 7.5.47.7212 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin FV Flowplayer Video Player versions = 7.5.47.7212...

CVE-2024-6338

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

CVE-2024-6338

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

CVE-2024-6338

CVE-2024-6338 affects the FV Flowplayer Video Player plugin for WordPress. Versions up to and including 7.5.46.7212 are vulnerable to time-based SQL Injection via the exclude parameter due to insufficient escaping and query preparation, allowing authenticated attackers with Subscriber-level acces...