14 matches found
princeton.edu XSS vulnerability
Open Bug Bounty ID: OBB-625587

Description| Value
---|---
Affected Website:| princeton.edu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

www1.lasalle.edu XSS vulnerability
Vulnerable URL: http://www1.lasalle.edu/beatty/402/jwplayer/player.swf?tracecall=prompt%27openbugbounty%27

Details:

Description| Value
---|---
Patched:| Verification in progress
Latest check for patch:| 15.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...

bom.gov.au XSS vulnerability
Vulnerable URL: http://www.bom.gov.au/careers/JWPlayer/mediaplayer/player.swf?debug=promptOpenbugbounty

Details:

Description| Value
---|---
Patched:| Yes, at 20.07.2017
Latest check for patch:| 20.07.2017 23:22 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 243...

Udemy: Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification
1 Malicious attacker by visiting course page e.g. https://www.udemy.com/overview-of-big-data-hadoop/ and intercepting browser's generated requests can find one to the following URL:...
DEBIAN-CVE-2013-6497
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file...
RokBox <= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS
The wprokbox WordPress plugin was affected by a jwplayer/jwplayer.swf abouttext Parameter XSS security vulnerability...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter...
JWPlayer 5.10 playerReady Cross-Site Scripting Vulnerability
No description provided by source...
WowzaMediaServer SecureToken bypass (and worse)
Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the properties...
JWPlayer 5 latest SWF XSS 0day analysis and POC improvements-bug warning-the black bar safety net
Original: Special Thx to small male students for the idea: Foreigners in 1, No. 6 published an unpatched jwplayer XSS 0day; for the details, click here. jwplayer is currently the most widely used Flash player component, especially the many foreign online love action movies website...
JWPlayer 5.9 debug Parameter Cross-Site Scripting Vulnerability
No description provided by source...
CS and XSS vulnerabilities in BuddyPress for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I've disclosed vulnerabilities in JW Player in June and August including in commercial version JW Player Pro and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
WordPress BuddyPress Cross Site Scripting / Content Spoofing
Hello list! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I've disclosed vulnerabilities in JW Player in June and August including in commercial version JW Player Pro and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
JWPlayer Remote Cross-Site Scripting Execution Vulnerability
No description provided by source...