Lucene search
Veracode Vulnerability DatabaseVERACODE:7828HistoryNov 16, 2018 - 8:04 a.m.
Cross-Site Scripting (XSS)
2018-11-1608:04:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.003 Low
EPSS
Percentile
65.6%
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This vulnerability is related to CVE-2013-7341.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flowplayer | le | 5.4.1 |
Related
ubuntucve
ubuntucve
nvd
nvd
cve
cve
prion
prion
Cross site scripting
2014-03-24 14:20:00
Cross site scripting
2014-03-24 14:20:00
Cross site scripting
2014-03-24 14:20:00
cvelist
cvelist
github
github
Moodle cross-site scripting (XSS) vulnerabilities
2022-05-13 01:12:49
osv
osv
Moodle cross-site scripting (XSS) vulnerabilities
2022-05-13 01:12:49
friendsofphp
friendsofphp
Cross-Site Scripting in 3rd party library Flowplayer
2015-07-01 14:20:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-16 08:10:11
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0160)
2022-01-28 00:00:00
mageia
mageia
Updated moodle packages fix multiple security vulnerabilities
2014-04-03 21:23:49