CVE-2021-39350: XSS
First published: Wed Oct 06 2021(Updated: )
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foliovision Fv Flowplayer Video Player | >=7.5.0.727<=7.5.2.727 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39350?
CVE-2021-39350 is a vulnerability in the FV Flowplayer Video Player WordPress plugin that allows attackers to inject arbitrary web scripts.
What is the severity of CVE-2021-39350?
CVE-2021-39350 has a severity level of medium.
How does the CVE-2021-39350 vulnerability occur?
The CVE-2021-39350 vulnerability is caused by a reflected cross-site scripting (XSS) issue in the player_id parameter of the ~/view/stats.php file.
Which versions of the FV Flowplayer Video Player plugin are affected by CVE-2021-39350?
Versions 7.5.0.727 to 7.5.2.727 of the FV Flowplayer Video Player plugin are affected by CVE-2021-39350.
How can I fix the CVE-2021-39350 vulnerability?
To fix the CVE-2021-39350 vulnerability, update the FV Flowplayer Video Player plugin to a version higher than 7.5.2.727.
- collector/nvd-index
- vendor/foliovision
- canonical/foliovision fv flowplayer video player
- version/foliovision fv flowplayer video player/7.5.0.727
- version/foliovision fv flowplayer video player/7.5.2.727