RealNetworks RealPlayer SMIL Cross-Site Scripting (CVE-2003-0726)

SMIL files file extension ".smil" or ".smi" contain XML tags that identify the various multimedia objects to be played. RealPlayer fails to validate the SMIL file's content, and permits objects of type of "javascript", which are then executed in the client. An XSS Cross Site Scripting Vulnerabili...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

CVE-2003-0726

RealOne/RealPlayer is affected by CVE-2003-0726 through its SMIL handling, where a SMIL presentation containing a javascript: URL in an area tag can be executed in the security context of the previously loaded URL, enabling remote script execution. The vulnerability is described as a cross-site s...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...