Lucene search
K

11 matches found

CNVD
CNVD
added 2017/03/05 12:0 a.m.3 views

Kaltura server cross-site scripting vulnerability

Kaltura is an open source online video platform. kaltura server is one of the servers. A cross-site scripting vulnerability exists in the Kaltura server Lynx-12.11.0 version, which stems from the program failing to adequately filter user submissions to 'adminconsole/web/tools/SimpleJWPlayer.php',...

6.1CVSS6.2AI score0.00848EPSS
Exploits0References1
NVD
NVD
added 2017/03/02 6:59 a.m.10 views

CVE-2017-6392

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...

6.1CVSS6.4AI score0.00865EPSS
Exploits0References3
NVD
NVD
added 2017/03/02 6:59 a.m.21 views

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

6.1CVSS6.4AI score0.00848EPSS
Exploits0References3
OSV
OSV
added 2017/03/02 6:59 a.m.12 views

CVE-2017-6392

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...

6.1CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2017/03/02 6:59 a.m.17 views

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

6.1CVSS7.1AI score
Exploits0References3
Prion
Prion
added 2017/03/02 6:59 a.m.10 views

Authorization

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...

4.3CVSS6.4AI score0.00865EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/03/02 6:59 a.m.17 views

Authorization

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

4.3CVSS6.4AI score0.00848EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/03/02 6:0 a.m.21 views

CVE-2017-6392

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...

6.4AI score0.00865EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/03/02 6:0 a.m.21 views

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

6.4AI score0.00848EPSS
Exploits0References3
CVE
CVE
added 2017/03/02 6:0 a.m.58 views

CVE-2017-6391

CVE-2017-6391 affects Kaltura server Lynx-12.11.0. The issue arises from insufficient filtration of user-supplied data in the admin_console/web/tools/*.php endpoints (SimpleJWPlayer.php, AkamaiBroadcaster.php, bigRedButton.php, bigRedButtonPtsPoc.php), enabling arbitrary HTML/JavaScript execution...

6.1CVSS6.4AI score0.00848EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/03/02 6:0 a.m.46 views

CVE-2017-6392

Kaltura Server Lynx-12.11.0 and earlier are affected by CVE-2017-6392 due to insufficient filtration of user-supplied data passed to the XmlJWPlayer.php URL, enabling arbitrary HTML/script execution in a browser (XSS). OpenVAS CNVD entries corroborate multiple XSS issues for Lynx-12.11.0 and earl...

6.1CVSS6.4AI score0.00865EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder