CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0026 (0.3%)
Percentil: 49.1%
EPSS: 2026-05-06
Afecta
flowplayer:flowplayer_flashmoodle:moodleDescripción técnica
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Publicada: 24/3/2014, 14:20:39
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1
- https://github.com/flowplayer/flash/issues/121
- https://moodle.org/mod/forum/discuss.php?d=256420
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1