jQuery jPlayer - CVE-2013-2022

Description

Cytrix has detected multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component in the version of the jPlayer you use.
This is a different vulnerability than CVE-2013-1942, demonstrated by using the “alert” function in the jQuery parameter.

This allow remote attackers to inject arbitrary web scripts or HTML by using the “jQuery” or “id” parameters.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Cryptography – A Fine Art

As we know, a conversation need at least 2 people to exist, in this conversation of course, the exchange of data and information are being

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Continuous Scanning and Monitoring – the Why’s

You are given tools, these tools allow you to maintain your house, will you “fix” things when they break only once? or will you keep

The Risks in Web Applications and other scary things…

There are couple of things regarding Risks in Web-Based Applications that you should know, let’s talk about them. When crossing the street, we look at

Understanding Attackers

Looking in the Attacker’s eyes – There are many ways we can do it. So when we want to achieve the goal of Understanding Attackers,

A funny word that is not funny – Proxy

We’ve talked about a lot of funny words in the past, and if you’re here, you must have heard the word Proxy at least twice,

jQuery jPlayer – CVE-2013-2022

Description

Severity/Score

Recommendation

References

Cryptography – A Fine Art

What is a CWE ?

Continuous Scanning and Monitoring – the Why’s

The Risks in Web Applications and other scary things…

Understanding Attackers

A funny word that is not funny – Proxy

Company

Resources

Docs

Latest posts

Possible Credit Card Number Disclosure

Backdoors – A Dangerous Back Entrance

Internal IP Disclosure