Lucene search

[email protected]CVE-2013-7343

HistoryMar 24, 2014 - 2:20 p.m.

CVE-2013-7343

2014-03-2414:20:39

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-7343

cross-site scripting

xss

flowplayer html5 5.4.3

flash fallback

remote code injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7342.

Affected configurations

NVD

Node

flowplayerflowplayer_html5Match5.4.3

CPENameOperatorVersion
flowplayer:flowplayer_html5flowplayer flowplayer html5eq5.4.3

CPE	Name	Operator	Version
flowplayer:flowplayer_html5	flowplayer flowplayer html5	eq	5.4.3

References

github.com/flowplayer/flowplayer/commit/27e8f178276c185cbddb4f14c91d4ce7b3865db1

github.com/flowplayer/flowplayer/issues/381

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2013-7343

prion3 cvelist3 veracode2 ubuntucve3 nvd3 cve2 osv1 github1