11 matches found
Kaltura server cross-site scripting vulnerability
Kaltura is an open source online video platform. kaltura server is one of the servers. A cross-site scripting vulnerability exists in the Kaltura server Lynx-12.11.0 version, which stems from the program failing to adequately filter user submissions to 'adminconsole/web/tools/SimpleJWPlayer.php',...
CVE-2017-6392
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...
CVE-2017-6391
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6392
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...
CVE-2017-6391
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
Authorization
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...
Authorization
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6392
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...
CVE-2017-6391
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6391
CVE-2017-6391 affects Kaltura server Lynx-12.11.0. The issue arises from insufficient filtration of user-supplied data in the admin_console/web/tools/*.php endpoints (SimpleJWPlayer.php, AkamaiBroadcaster.php, bigRedButton.php, bigRedButtonPtsPoc.php), enabling arbitrary HTML/JavaScript execution...
CVE-2017-6392
Kaltura Server Lynx-12.11.0 and earlier are affected by CVE-2017-6392 due to insufficient filtration of user-supplied data passed to the XmlJWPlayer.php URL, enabling arbitrary HTML/script execution in a browser (XSS). OpenVAS CNVD entries corroborate multiple XSS issues for Lynx-12.11.0 and earl...