CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0026 (0.3%)
Percentile: 49.1%
EPSS: 2026-05-06
Affects
flowplayer:flowplayer_flashmoodle:moodleTechnical description
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Published: 3/24/2014, 2:20:39 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1
- https://github.com/flowplayer/flash/issues/121
- https://moodle.org/mod/forum/discuss.php?d=256420
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1