Description
Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.
This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.
Recommendation
Update the version of the jPlayer being used.
Make sure its version is 2.2.23 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022