Lucene search
PRIOn knowledge basePRION:CVE-2011-3642HistoryFeb 08, 2020 - 4:15 p.m.
Cross site scripting
2020-02-0816:15:00
PRIOn knowledge base
www.prio-n.com
4
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flowplayer_flash | ge | 3.2.7 | |
| flowplayer_flash | le | 3.2.16 | |
| flowplayer_flash | ge | 3.2.7 | |
| flowplayer_flash | le | 3.2.16 |
References
appsec.ws/Presentations/FlashFlooding.pdf
secunia.com/advisories/52074
secunia.com/advisories/54206
secunia.com/advisories/58854
typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009
web.appsec.ws/FlashExploitDatabase.php
bugs.launchpad.net/mahara/+bug/1103748
code.google.com/p/flowplayer-core/issues/detail?id=441
mahara.org/interaction/forum/topic.php?id=5237
www.securityfocus.com/bid/48651
Related
cve
cve
CVE-2011-3642
2020-02-08 16:15:10
cvelist
cvelist
CVE-2011-3642
2020-02-08 15:46:36
nvd
nvd
CVE-2011-3642
2020-02-08 16:15:10
ubuntucve
ubuntucve
CVE-2011-3642
2020-02-08 00:00:00
freebsd
freebsd
typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-07-30 00:00:00
nessus
nessus
typo3
typo3
Cross-Site Scripting in news
2014-06-03 00:00:00
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
2013-07-30 00:00:00
openvas
openvas
TYPO3 Flowplayer Cross Site Scripting Vulnerability
2014-01-02 00:00:00