flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser by via the callback
parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342.
CPE | Name | Operator | Version |
---|---|---|---|
flowplayer | le | 5.4.4 |