CVE Record: CVE-2013-2023

Required CVE Record Information

Description

Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

Product Status

Learn more

Information not provided

References 10 Total

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 10 Total

https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4
external site
x_transferred
https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b
external site
x_transferred
marc.info: [oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS
external site
mailing-listx_transferred
openwall.com: [oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS
external site
mailing-listx_transferred
https://github.com/happyworm/jPlayer/issues/162
external site
x_transferred
marc.info: [oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS
external site
mailing-listx_transferred
http://www.jplayer.org/latest/release-notes/
external site
x_transferred
openwall.com: [oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS
external site
mailing-listx_transferred
seclists.org: 20130421 Vulnerabilities in jPlayer
external site
mailing-listx_transferred
marc.info: [oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS
external site
mailing-listx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Red Hat, Inc.

Description

Product Status

References 10 Total

CVE Program

References 10 Total