Lucene search

Ubuntu.comUB:CVE-2013-7343

HistoryMar 24, 2014 - 12:00 a.m.

CVE-2013-7343

2014-03-2400:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash
fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to
inject arbitrary web script or HTML by using URL encoding within the
callback parameter name. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2013-7342.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

github.com/flowplayer/flowplayer/commit/27e8f178276c185cbddb4f14c91d4ce7b3865db1

github.com/flowplayer/flowplayer/issues/381

launchpad.net/bugs/cve/CVE-2013-7343

nvd.nist.gov/vuln/detail/CVE-2013-7343

security-tracker.debian.org/tracker/CVE-2013-7343

www.cve.org/CVERecord?id=CVE-2013-7343

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for UB:CVE-2013-7343