jQuery jPlayer – CVE-2013-1942

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.

This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Update the version of your jPlayer.
Make sure its version is 2.2.20 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1942

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »