2 matches found
CVE-2020-35748
Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...
CVE-2020-35748
FV Flowplayer Video Player plugin for WordPress is affected by a cross-site scripting (XSS) vulnerability in models/list-table.php, fixed in versions 7.4.38.727 and later. The issue allows remote authenticated users to inject arbitrary script/HTML via the fv_wp_fvvideoplayer_src field in the data...