Описание
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
Ссылки
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.19 (включая)
Одно из
cpe:2.3:a:happyworm:jplayer:*:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:0.2.1:beta:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:0.2.2:beta:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:0.2.3:beta:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:0.2.4:beta:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:0.2.5:beta:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.24:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.25:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.29:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.30:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.31:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.33:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.34:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:happyworm:jplayer:2.2.18:*:*:*:*:*:*:*
Конфигурация 2Версия до 5.0.3 (включая)
Одно из
cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.8:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.10:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.11:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.12:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:4.5.13:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08796
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
ubuntu
больше 12 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
debian
больше 12 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
EPSS
Процентиль: 92%
0.08796
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79