Описание
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
Ссылки
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
EPSS
9.6 Critical
CVSS3
6.8 Medium
CVSS2