QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2022

Published: Aug 17, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373

x_refsource_CONFIRM

[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS

mailing-list

x_refsource_MLIST

[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS

mailing-list

x_refsource_MLIST

[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS

mailing-list

x_refsource_MLIST

http://www.jplayer.org/2.3.0/release-notes/

x_refsource_CONFIRM

[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS

mailing-list

x_refsource_MLIST

20130421 Vulnerabilities in jPlayer

mailing-list

x_refsource_FULLDISC

[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.