jQuery jPlayer – CVE-2013-2022

Home » Blog » jQuery jPlayer – CVE-2013-2022

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.

This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Update the version of the jPlayer being used.
Make sure its version is 2.2.23 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Cyberbullying – We Need to Talk About it

Disclaimer: We in Kayran do not support or encourage any forms or acts of Cyber-bullying. We do not intend to hurt or make fun of

Information Disclosure – Self revealing our Secrets

Remember those tired Devs? Well, sometimes they tend to make mistakes, as mentioned before, but imagine, writing everything important to you on a wall visible

Baby steps – getting into the PT industry

By raising hands please tell me ; WHO LIKES MONEY ? I bet none of you kept his hand low, and that’s fine, we love

Quickly! – Incident Response – IR

In the field of information security, one of the most important factors is speed. Quickly! Is the way we must respond to each case individually.

Cybersecurity – The thinnest security guards you will ever know

I can sit here all day long talking about vulnerabilities, attackers and other scary ways that puts our money and personal data at risk and

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

WEB APPLICATION VULNERABILITY SCANNER