297 matches found
CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984
CVE-2022-3984 concerns the Flowplayer Video Player WordPress plugin, affected versions prior to 1.0.5. The root cause is failure to validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as Contributor. The compromise vector is via crafted shortco...
CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
PT-2022-25030 · WordPress · Fv Flowplayer Video Player
Name of the Vulnerable Software and Affected Versions: Flowplayer Video Player WordPress plugin versions prior to 1.0.5 Description: The issue is related to the Flowplayer Video Player WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them bac...
WordPress plugin Flowplayer Video Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put, the following shortcode in a page/post flowplayer...
Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post flowplayer src='...
WordPress Flowplayer Video Player plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Flowplayer Video Player plugin versions = 1.0.4. Solution Update the WordPress Flowplayer Video Player plugin to the latest available version at least 1.0.5...
WordPress FV Flowplayer Video Player Plugin < 7.3.14.727 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress FV Flowplayer Video Player Plugin < 7.3.15.727 SQLi Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
GHSA-J6C3-3C4W-QV8P Moodle cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...
Moodle cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by 1 providing a crafted playerId or 2 referencing a...
GHSA-2HW6-6RGF-726V Moodle XSS Vulnerability
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted .swf file...
WordPress FV Flowplayer Video Player跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress FV Flowplayer Video Player 7.5.18.727 and previous versions have a cross-site scripting vulnerability tha...
CVE-2022-25613
Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...
CVE-2022-25613 WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...
CVE-2022-25613
Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions
CVE-2022-25613
Authenticated Persistent Cross-Site Scripting XSS vulnerability in FV Flowplayer Video Player WordPress plugin versions = 7.5.18.727 via wpflowplayerfieldsplash parameter...
WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress FV Flowplayer Video Player plugin versions = 7.5.18.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.19.727...
WordPress plugin FV Flowplayer Video Player 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress FV Flowplayer Video Player 7.5.18.727 and previous versions have a cross-site scripting vulnerability tha...