jQuery jPlayer – CVE-2013-2022

Home » blog » jQuery jPlayer – CVE-2013-2022

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.

This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.

Recommendation

Update the version of the jPlayer being used.
Make sure its version is 2.2.23 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022

< Return to all Vulnerabilities

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Terms and Topics in Cybersecurity that you should know

The Cybersecurity field is one of the fields that has been growing rapidly and steadily in recent years, as the demand for it grew more

The average hacker shopping list – the CVE

When i take an X-Rey my doctor sits me down and simply “roast” me with stuff like how un-healthy i am, how i should stop

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being

WEB APPLICATION VULNERABILITY SCANNER