Lucene search
Veracode Vulnerability DatabaseVERACODE:38725HistoryJan 02, 2023 - 3:16 p.m.
Cross-Site Scripting (XSS)
2023-01-0215:16:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
cross-site scripting
webvtt function
timedtext.php
timedtext controller
arbitrary scripts
software
0.001 Low
EPSS
Percentile
46.9%
iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iet-ou/open-media-player | le | 2.1.0 | |
| iet-ou/open-media-player | le | 2.1.0 |
References
github.com/advisories/GHSA-qff9-r3c8-wgm2
github.com/IET-OU/open-media-player/commit/155e6a040694ca18cf9cbc040c7264e2a7697ae7
github.com/IET-OU/open-media-player/commit/3f39f2d68d11895929c04f7b49b97a734ae7cd1f
github.com/IET-OU/open-media-player/issues/93
github.com/IET-OU/open-media-player/releases/tag/1.5.1
iet.eu.teamwork.com/desk/#/tickets/366419
vuldb.com/?ctiid.216862
vuldb.com/?id.216862
Related
cvelist
cvelist
nvd
nvd
CVE-2019-25086
2022-12-27 09:15:09
osv
osv
CVE-2019-25086
2022-12-27 09:15:09
cve
cve
CVE-2019-25086
2022-12-27 09:15:09
prion
prion
Cross site scripting
2022-12-27 09:15:00