Lucene search
K

9 matches found

OSV
OSV
added 2022/05/13 1:12 a.m.18 views

GHSA-J6C3-3C4W-QV8P Moodle cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...

4.3CVSS5.6AI score0.02405EPSS
Exploits0References13
Veracode
Veracode
added 2018/11/16 8:10 a.m.23 views

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser by via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...

4.3CVSS5.9AI score0.01486EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2014/03/24 2:20 p.m.32 views

CVE-2013-7343

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3CVSS5.6AI score0.01486EPSS
Exploits1References2
Prion
Prion
added 2014/03/24 2:20 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3CVSS6AI score0.01486EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2014/03/24 2:20 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...

4.3CVSS5.9AI score0.02405EPSS
Exploits1References5Affected Software2
UbuntuCve
UbuntuCve
added 2014/03/24 2:20 p.m.33 views

CVE-2013-7342

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...

4.3CVSS6AI score0.01474EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2014/03/24 2:20 p.m.25 views

CVE-2013-7341

Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...

4.3CVSS5.9AI score0.02405EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/03/22 1:0 a.m.31 views

CVE-2013-7342

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...

5.6AI score0.01474EPSS
Exploits1References2
CVE
CVE
added 2014/03/22 1:0 a.m.45 views

CVE-2013-7342

CVE-2013-7342 describes an XSS vulnerability in Flowplayer’s Flash fallback (flowplayer.swf) used by Flowplayer HTML5 5.4.1, exploitable via the callback parameter. Several Nessus entries classify this as an unpatched issue for affected Linux distros, noting no vendor patch is available. Related ...

4.3CVSS5.7AI score0.01474EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder