flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the callback
parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This vulnerability is related to CVE-2013-7341.
CPE | Name | Operator | Version |
---|---|---|---|
flowplayer | le | 5.4.1 |