2 matches found
CVE-2013-7343
CVE-2013-7343 describes a cross-site scripting (XSS) vulnerability in Flowplayer’s Flash fallback component, specifically in the flowplayer.swf used by Flowplayer HTML5 5.4.3. The issue allows remote attackers to inject arbitrary web script or HTML by abusing URL encoding within the name of the c...
CVE-2013-7342
CVE-2013-7342 describes an XSS vulnerability in Flowplayer’s Flash fallback (flowplayer.swf) used by Flowplayer HTML5 5.4.1, exploitable via the callback parameter. Several Nessus entries classify this as an unpatched issue for affected Linux distros, noting no vendor patch is available. Related ...