jplayer Cross Site Scripting vulnerability

Description

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.

Recommendation

Update the jplayer package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.3.0
• Patched version(s): 2.3.0

References

• GHSA-3jcq-cwr7-6332
• marc.info
• seclists.org
• www.openwall.com
• www.jplayer.org
• CVE-2013-2022
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350
• tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload - CVE-2022-25854
• Cross-site Scripting (XSS) in serve-lite - CVE-2022-25847
• Cross-site Scripting in karma - CVE-2022-0437

Tags:

npm

jplayer