CVE-2013-7342: XSS
First published: Mon Mar 24 2014(Updated: )
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Flowplayer | =5.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-7342?
CVE-2013-7342 is categorized as a cross-site scripting (XSS) vulnerability, which can lead to significant security risks if exploited.
How do I fix CVE-2013-7342?
To fix CVE-2013-7342, upgrade to a version of Flowplayer HTML5 that is not affected by this vulnerability, such as versions after 5.4.1.
What software is affected by CVE-2013-7342?
CVE-2013-7342 affects Flowplayer HTML5 version 5.4.1.
What type of vulnerability is CVE-2013-7342?
CVE-2013-7342 is a cross-site scripting (XSS) vulnerability allowing remote attackers to inject arbitrary scripts.
Can CVE-2013-7342 be exploited remotely?
Yes, CVE-2013-7342 can be exploited remotely through manipulated callback parameters.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- vendor/flowplayer
- canonical/flowplayer
- version/flowplayer/5.4.1