jQuery jPlayer – CVE-2013-2023

Home » Blog » jQuery jPlayer – CVE-2013-2023

Description

Kayran has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in the version of the jPlayer you use.
This can happen possibly because there are incomplete blacklists.

This is a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

This vulnerability allows remote attackers to inject arbitrary web scripts or any HTML by using unspecified vectors.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Update the version of the jPlayer being used.
Make sure its version is 2.3.1 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2023

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Information Disclosure – Self revealing our Secrets

Remember those tired Devs? Well, sometimes they tend to make mistakes, as mentioned before, but imagine, writing everything important to you on a wall visible

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being