QwikSec

Security Database

CVE

CWE

Training

CVE-2013-3565

Published: Jan 31, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.videolan.org/developers/vlc-branch/NEWS

x_refsource_MISC

https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt

x_refsource_MISC

http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881

x_refsource_MISC

http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.