Description

Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

Remediation

References

CVE-2013-2023

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16780)

OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)

WordPress Plugin wpDataTables-WordPress Tables & Table Charts Arbitrary File Upload (1.5.3)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12830)

YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0269)

Severity

Medium

Classification

CVE-2013-2023 CWE-707

Tags

Missing Update Known Vulnerabilities