Lucene search

Ubuntu.comUB:CVE-2013-1942

HistoryAug 15, 2013 - 12:00 a.m.

CVE-2013-1942

2013-08-1500:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in
actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer
before 2.2.20, as used in ownCloud Server before 5.0.4 and other products,
allow remote attackers to inject arbitrary web script or HTML via the (1)
jQuery or (2) id parameters, as demonstrated using document.write in the
jQuery parameter, a different vulnerability than CVE-2013-2022 and
CVE-2013-2023.

Notes

Author	Note
jdstrand	per Debian, libjs-jquery-jplayer, not ownclou

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjquery-jplayer< anyUNKNOWN
ubuntu16.04noarchjquery-jplayer< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	jquery-jplayer	< any	UNKNOWN
ubuntu	16.04	noarch	jquery-jplayer	< any	UNKNOWN

References

owncloud.org/about/security/advisories/oC-SA-2013-014/

github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d

launchpad.net/bugs/cve/CVE-2013-1942

nvd.nist.gov/vuln/detail/CVE-2013-1942

security-tracker.debian.org/tracker/CVE-2013-1942

www.cve.org/CVERecord?id=CVE-2013-1942

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for UB:CVE-2013-1942