Lucene search
+L

297 matches found

Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.8 views

CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2022/12/19 1:41 p.m.68 views

CVE-2022-3984

CVE-2022-3984 concerns the Flowplayer Video Player WordPress plugin, affected versions prior to 1.0.5. The root cause is failure to validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as Contributor. The compromise vector is via crafted shortco...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/12/19 1:41 p.m.21 views

CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.6AI score0.00471EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.3 views

PT-2022-25030 · WordPress · Fv Flowplayer Video Player

Name of the Vulnerable Software and Affected Versions: Flowplayer Video Player WordPress plugin versions prior to 1.0.5 Description: The issue is related to the Flowplayer Video Player WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them bac...

5.4CVSS5.2AI score0.00471EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.4 views

WordPress plugin Flowplayer Video Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.5AI score0.00471EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/11/22 12:0 a.m.23 views

Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put, the following shortcode in a page/post flowplayer...

5.4CVSS2.5AI score0.00471EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.156 views

Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post flowplayer src='...

5.4CVSS0.9AI score0.00471EPSS
Exploits2
Patchstack
Patchstack
added 2022/11/22 12:0 a.m.16 views

WordPress Flowplayer Video Player plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Flowplayer Video Player plugin versions = 1.0.4. Solution Update the WordPress Flowplayer Video Player plugin to the latest available version at least 1.0.5...

3.1AI score0.00471EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.11 views

WordPress FV Flowplayer Video Player Plugin < 7.3.14.727 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS7AI score0.02022EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.17 views

WordPress FV Flowplayer Video Player Plugin < 7.3.15.727 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS7AI score0.01815EPSS
Exploits0References1
OSV
OSV
added 2022/05/13 1:12 a.m.23 views

GHSA-J6C3-3C4W-QV8P Moodle cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...

4.3CVSS5.6AI score0.02405EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.38 views

Moodle cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...

4.3CVSS6AI score0.02405EPSS
Exploits0References13Affected Software2
OSV
OSV
added 2022/05/13 1:12 a.m.16 views

GHSA-2HW6-6RGF-726V Moodle XSS Vulnerability

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted .swf file...

6.1CVSS5.9AI score0.01077EPSS
Exploits0References5
CNVD
CNVD
added 2022/04/07 12:0 a.m.44 views

WordPress FV Flowplayer Video Player跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress FV Flowplayer Video Player 7.5.18.727 and previous versions have a cross-site scripting vulnerability tha...

5.4CVSS2.7AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2022/04/04 8:15 p.m.7 views

CVE-2022-25613

Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...

5.4CVSS5.8AI score0.00549EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/04/04 7:46 p.m.6 views

CVE-2022-25613 WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...

4.1CVSS5.6AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2022/04/04 7:46 p.m.76 views

CVE-2022-25613

Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions

5.4CVSS4.7AI score0.00549EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/04 5:25 a.m.9 views

CVE-2022-25613

Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via wpflowplayerfieldsplash parameter...

5.4CVSS5.6AI score0.00549EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/04/04 12:0 a.m.58 views

WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress FV Flowplayer Video Player plugin versions = 7.5.18.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.19.727...

5.4CVSS3.1AI score0.00549EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.26 views

WordPress plugin FV Flowplayer Video Player 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress FV Flowplayer Video Player 7.5.18.727 and previous versions have a cross-site scripting vulnerability tha...

5.4CVSS5.4AI score0.00549EPSS
Exploits0References4
Rows per page
Query Builder