Description

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."

Remediation

References

CVE-2015-8760

Related Vulnerabilities

Liferay DXP Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.5)

Apache read beyond bounds via ap_rwrite() Vulnerability (CVE-2022-28614)

WordPress Plugin Contact Form 7-Clockwork SMS Cross-Site Scripting (2.3.0)

WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)

Severity

Medium

Classification

CVE-2015-8760 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities