jQuery jPlayer – CVE-2013-2023

Home » Blog » jQuery jPlayer – CVE-2013-2023

Description

Cytrix has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in the version of the jPlayer you use.
This can happen possibly because there are incomplete blacklists.

This is a different vulnerability than CVE-2013-1942 and CVE-2013-2022.

This vulnerability allows remote attackers to inject arbitrary web scripts or any HTML by using unspecified vectors.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Update the version of the jPlayer being used.
Make sure its version is 2.3.1 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2023

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

PT- Pentest – Penetration Testing

There’s no way you’ve had a working internet connection in the last year and you haven’t seen or heard the terms PT, Pentest or Penetration

Your SQL got the I(njection)

We’ve talked about it before right? or am i the only one having a Deja-Vu? Or an SQL Injection? No on likes doctors, or needles,

Playing Online? Dangers that exist in Online Games

Browser Games? Is it Safe to be Playing Online? What are Dangers that exist in Online Games? Is it better to download and play software

Backdoors – A Dangerous Back Entrance

So what are Backdoors? Why is that considered A Dangerous Back Entrance? Let’s find out… Also known as “Private Entrance” or a Trapdoor – A

Designing our Web Apps – CSS

The CSS language which are the initials of Cascading Style Sheets, similar to HTML, CSS is not a programming language, it’s belong to a group

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties