Search criteria
3 vulnerabilities by longtailvideo
CVE-2012-3351 (GCVE-0-2012-3351)
Vulnerability from cvelistv5 – Published: 2020-02-20 17:52 – Updated: 2024-08-06 20:05
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_MISC |
| http://technet.microsoft.com/security/msvr/msvr12-009 | x_refsource_MISC |
| https://www.securityfocus.com/bid/54101/discuss | x_refsource_MISC |
| https://www.securityfocus.com/bid/55199/exploit | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37552 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37672 | x_refsource_MISC |
Date Public
2012-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-20T17:52:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "MISC",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-009",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"name": "https://www.securityfocus.com/bid/54101/discuss",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"name": "https://www.securityfocus.com/bid/55199/exploit",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"name": "https://www.exploit-db.com/exploits/37552",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"name": "https://www.exploit-db.com/exploits/37672",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3351",
"datePublished": "2020-02-20T17:52:01.000Z",
"dateReserved": "2012-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4030 (GCVE-0-2014-4030)
Vulnerability from cvelistv5 – Published: 2014-06-25 20:00 – Updated: 2024-08-06 11:04
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security.dxw.com/advisories/jw-player-for… | x_refsource_MISC |
| http://wordpress.org/plugins/jw-player-plugin-for… | x_refsource_CONFIRM |
| http://secunia.com/advisories/59173 | third-party-advisoryx_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2014/Jun/64 | mailing-listx_refsource_FULLDISC |
Date Public
2014-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
},
{
"name": "59173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59173"
},
{
"name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/64"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-25T19:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
},
{
"name": "59173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59173"
},
{
"name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/64"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
},
{
"name": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
},
{
"name": "59173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59173"
},
{
"name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/64"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4030",
"datePublished": "2014-06-25T20:00:00.000Z",
"dateReserved": "2014-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:28.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2904 (GCVE-0-2012-2904)
Vulnerability from cvelistv5 – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
VLAI
Summary
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.longtailvideo.com/support/forums/jw-pl… | x_refsource_CONFIRM |
| http://www.wooyun.org/bugs/wooyun-2010-07166 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49130 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53554 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2012/May/132 | mailing-listx_refsource_FULLDISC |
Date Public
2012-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality",
"refsource": "CONFIRM",
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"name": "http://www.wooyun.org/bugs/wooyun-2010-07166",
"refsource": "MISC",
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49130"
},
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "CONFIRM",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2904",
"datePublished": "2012-05-21T18:00:00.000Z",
"dateReserved": "2012-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}