CVE-2011-3642

Summary : CVE-2011-3642 is an XSS flaw in Flowplayer Flash (versions 3.2.7–3.2.16) used by the TYPO3 News system extension (and Mahara). An attacker can inject arbitrary script/HTML via the plugin configuration directive that references an external domain plugin, potentially compromising site use...

CVE-2013-7341

CVE-2013-7341 refers to multiple XSS vulnerabilities in Flowplayer Flash before 3.2.17, exploited via Moodle integrations up to Moodle 2.4.9 (and related 2.3.x, 2.4.x, 2.5.x, 2.6.x series). The vulnerabilities allow remote attackers to inject arbitrary scripts/HTML by (1) supplying a crafted play...