4 matches found
Cross-Site Scripting (XSS)
jPlayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the jQuery and id parameters in the Flash SWF component. This CVE is different from CVE-2013-1942 and CVE-2013-2022...
CVE-2013-2022
Multiple cross-site scripting XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the 1 jQuery or 2 id parameters, a different vulnerability than CVE-2013-1942 and...
CVE-2013-2022
CVE-2013-2022 refers to multiple XSS vulnerabilities in the Flash SWF component jplayer.swf (jPlayer) within actionscript/Jplayer.as. Affected are jPlayer versions before 2.2.23, where remote attackers could inject arbitrary script or HTML via the (1) jQuery or (2) id parameters in the jplayer.sw...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the 1 jQuery or 2 id...