jQuery jPlayer – CVE-2013-2022

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as, in the Flash SWF component of the jPlayer version you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.

These vulnerabilities allow remote attackers to inject arbitrary web script or HTML through the “jQuery” or “id” parameters.

Recommendation

Update the version of jPlayer being used.
Make sure it is version 2.2.23 or higher.
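
One way to check this recommendation across a web root, as an added example that is not part of the original advisory or jPlayer's own code. It assumes the jPlayer script states its release in a `Version: x.y.z` header comment or a `script: "x.y.z"` field; the function names are hypothetical, and any `Jplayer.swf` found is only flagged for review because its version is not read.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 2, 23)  # first fixed release per the advisory above

# Assumption: the script carries its release either in a "Version: x.y.z"
# header comment or in a script: "x.y.z" field; adjust if your copy differs.
VERSION_RE = re.compile(r'(?:Version:\s*|script:\s*["\'])(\d+)\.(\d+)\.(\d+)')


def jplayer_version(js_text):
    """Return the (major, minor, patch) found in jPlayer script text, or None."""
    m = VERSION_RE.search(js_text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version):
    """Numeric tuple comparison: as strings, "2.2.9" would sort above "2.2.23"."""
    return version is not None and version < FIXED


def audit(root):
    """Yield (path, version, status) for each jPlayer script or SWF under root."""
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        if not path.is_file():
            continue
        if name.endswith(".js") and "jplayer" in name:
            v = jplayer_version(path.read_text(errors="replace"))
            if v is None:
                status = "UNKNOWN"
            else:
                status = "VULNERABLE" if is_vulnerable(v) else "ok"
            yield path, v, status
        elif name == "jplayer.swf":
            # The flaw is in the SWF; its version is not read here, so flag it.
            yield path, None, "REVIEW"


if __name__ == "__main__":
    for path, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:10} {shown:8} {path}")
```

Run it with the web root as the only argument; anything reported as VULNERABLE, UNKNOWN or REVIEW needs a manual look.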

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022
