Description

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

Remediation

References

CVE-2013-7341

Related Vulnerabilities

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-11322)

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales Cross-Site Request Forgery (3.98.7)

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)

Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3759)

Severity

Medium

Classification

CVE-2013-7341 CWE-707

Tags

Missing Update Known Vulnerabilities