jQuery jPlayer – CVE-2013-2022

Home » Blog » jQuery jPlayer – CVE-2013-2022

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.

This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Update the version of the jPlayer being used.
Make sure its version is 2.2.23 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

A funny word that is not funny – Proxy

We’ve talked about a lot of funny words in the past, and if you’re here, you must have heard the word Proxy at least twice,

Designing our Web Apps – CSS

The CSS language which are the initials of Cascading Style Sheets, similar to HTML, CSS is not a programming language, it’s belong to a group

Quickly! – Incident Response – IR

In the field of information security, one of the most important factors is speed. Quickly! Is the way we must respond to each case individually.

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Understanding Attackers

Looking in the Attacker’s eyes – There are many ways we can do it. So when we want to achieve the goal of Understanding Attackers,

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

WEB APPLICATION VULNERABILITY SCANNER