Description

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."

Remediation

References

CVE-2015-8760

Related Vulnerabilities

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)

WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1)

WordPress Plugin Simple Job Board Directory Traversal (2.9.3)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5751)

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

Severity

Medium

Classification

CVE-2015-8760 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities