Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2023/08/25 2:40 a.m.8 views

CVE-2023-4520 FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fvplayeruservideo’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and...

5.4CVSS6.8AI score0.00471EPSS
Exploits0References3
CVE
CVE
added 2023/08/25 2:40 a.m.47 views

CVE-2023-4520

CVE-2023-4520 affects FV Flowplayer Video Player for WordPress. A stored XSS via the _fv_player_user_video parameter saved through the plugin’s save function (hooked via init) and an Arbitrary Usermeta Update vulnerability exist in versions up to 7.5.37.7212 due to insufficient input sanitization...

6.1CVSS5.9AI score0.00471EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/08/25 12:0 a.m.13 views

WordPress FV Flowplayer Video Player Plugin <= 7.5.37.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.37.7212 Fixed in 7.5.39.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4520 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d232095d565d...

6.1CVSS5.6AI score0.00471EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder