Description

Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

Remediation

References

CVE-2013-2023

Related Vulnerabilities

WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-3132)

WordPress Plugin GN Publisher: Google News Compatible RSS Feeds Cross-Site Scripting (1.5.5)

WordPress Plugin Calendar Event Multi View Cross-Site Scripting (1.3.99)

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-7658)

Severity

Medium

Classification

CVE-2013-2023 CWE-707

Tags

Missing Update Known Vulnerabilities