Lucene search
HistoryMar 24, 2014 - 2:20 p.m.
CVE-2013-7341
cve-2013-7341
cross-site scripting
xss
flowplayer flash
moodle
remote attackers
web script injection
html injection
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.6%
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Affected configurations
Node
flowplayerflowplayer_flashRange≤3.2.16
ORflowplayerflowplayer_flashMatch3.0.0
ORflowplayerflowplayer_flashMatch3.0.1
ORflowplayerflowplayer_flashMatch3.0.2
ORflowplayerflowplayer_flashMatch3.0.3
ORflowplayerflowplayer_flashMatch3.0.4
ORflowplayerflowplayer_flashMatch3.0.5
ORflowplayerflowplayer_flashMatch3.0.6
ORflowplayerflowplayer_flashMatch3.1.0
ORflowplayerflowplayer_flashMatch3.1.1
ORflowplayerflowplayer_flashMatch3.1.2
ORflowplayerflowplayer_flashMatch3.1.3
ORflowplayerflowplayer_flashMatch3.1.4
ORflowplayerflowplayer_flashMatch3.1.5
ORflowplayerflowplayer_flashMatch3.2.0
ORflowplayerflowplayer_flashMatch3.2.1
ORflowplayerflowplayer_flashMatch3.2.2
ORflowplayerflowplayer_flashMatch3.2.3
ORflowplayerflowplayer_flashMatch3.2.4
ORflowplayerflowplayer_flashMatch3.2.5
ORflowplayerflowplayer_flashMatch3.2.6
ORflowplayerflowplayer_flashMatch3.2.7
ORflowplayerflowplayer_flashMatch3.2.8
ORflowplayerflowplayer_flashMatch3.2.9
ORflowplayerflowplayer_flashMatch3.2.10
ORflowplayerflowplayer_flashMatch3.2.11
ORflowplayerflowplayer_flashMatch3.2.12
ORflowplayerflowplayer_flashMatch3.2.13
ORflowplayerflowplayer_flashMatch3.2.14
ORflowplayerflowplayer_flashMatch3.2.15
ORmoodlemoodleRange≤2.3.11
ORmoodlemoodleMatch2.0.0
ORmoodlemoodleMatch2.0.1
ORmoodlemoodleMatch2.0.2
ORmoodlemoodleMatch2.0.3
ORmoodlemoodleMatch2.0.4
ORmoodlemoodleMatch2.0.5
ORmoodlemoodleMatch2.0.6
ORmoodlemoodleMatch2.0.7
ORmoodlemoodleMatch2.0.8
ORmoodlemoodleMatch2.0.9
ORmoodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
ORmoodlemoodleMatch2.1.10
ORmoodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
ORmoodlemoodleMatch2.2.7
ORmoodlemoodleMatch2.2.8
ORmoodlemoodleMatch2.2.9
ORmoodlemoodleMatch2.2.10
ORmoodlemoodleMatch2.2.11
ORmoodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
ORmoodlemoodleMatch2.3.4
ORmoodlemoodleMatch2.3.5
ORmoodlemoodleMatch2.3.6
ORmoodlemoodleMatch2.3.7
ORmoodlemoodleMatch2.3.8
ORmoodlemoodleMatch2.3.9
ORmoodlemoodleMatch2.3.10
ORmoodlemoodleMatch2.4.0
ORmoodlemoodleMatch2.4.1
ORmoodlemoodleMatch2.4.2
ORmoodlemoodleMatch2.4.3
ORmoodlemoodleMatch2.4.4
ORmoodlemoodleMatch2.4.5
ORmoodlemoodleMatch2.4.6
ORmoodlemoodleMatch2.4.7
ORmoodlemoodleMatch2.4.8
ORmoodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
ORmoodlemoodleMatch2.5.2
ORmoodlemoodleMatch2.5.3
ORmoodlemoodleMatch2.5.4
ORmoodlemoodleMatch2.6.0
ORmoodlemoodleMatch2.6.1
Related
nvd
nvd
ubuntucve
ubuntucve
prion
prion
Cross site scripting
2014-03-24 14:20:00
Cross site scripting
2014-03-24 14:20:00
Cross site scripting
2014-03-24 14:20:00
cvelist
cvelist
osv
osv
Moodle cross-site scripting (XSS) vulnerabilities
2022-05-13 01:12:49
cve
cve
CVE-2013-7342
2014-03-24 14:20:39
CVE-2013-7343
2014-03-24 14:20:39
github
github
Moodle cross-site scripting (XSS) vulnerabilities
2022-05-13 01:12:49
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-16 08:04:15
Cross-Site Scripting (XSS)
2018-11-16 08:10:11
friendsofphp
friendsofphp
Cross-Site Scripting in 3rd party library Flowplayer
2015-07-01 14:20:00
mageia
mageia
Updated moodle packages fix multiple security vulnerabilities
2014-04-03 21:23:49
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0160)
2022-01-28 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.6%
Related for CVE-2013-7341