Search
Find a vulnerability
Search criteria
4 vulnerabilities found for jw_player by longtailvideo
CVE-2012-3351 (GCVE-0-2012-3351)
Vulnerability from nvd – Published: 2020-02-20 17:52 – Updated: 2024-08-06 20:05
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_MISC |
| http://technet.microsoft.com/security/msvr/msvr12-009 | x_refsource_MISC |
| https://www.securityfocus.com/bid/54101/discuss | x_refsource_MISC |
| https://www.securityfocus.com/bid/55199/exploit | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37552 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37672 | x_refsource_MISC |
Date Public
2012-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-20T17:52:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "MISC",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-009",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"name": "https://www.securityfocus.com/bid/54101/discuss",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"name": "https://www.securityfocus.com/bid/55199/exploit",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"name": "https://www.exploit-db.com/exploits/37552",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"name": "https://www.exploit-db.com/exploits/37672",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3351",
"datePublished": "2020-02-20T17:52:01.000Z",
"dateReserved": "2012-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2904 (GCVE-0-2012-2904)
Vulnerability from nvd – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
VLAI
Summary
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.longtailvideo.com/support/forums/jw-pl… | x_refsource_CONFIRM |
| http://www.wooyun.org/bugs/wooyun-2010-07166 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49130 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53554 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2012/May/132 | mailing-listx_refsource_FULLDISC |
Date Public
2012-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality",
"refsource": "CONFIRM",
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"name": "http://www.wooyun.org/bugs/wooyun-2010-07166",
"refsource": "MISC",
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49130"
},
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "CONFIRM",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2904",
"datePublished": "2012-05-21T18:00:00.000Z",
"dateReserved": "2012-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3351 (GCVE-0-2012-3351)
Vulnerability from cvelistv5 – Published: 2020-02-20 17:52 – Updated: 2024-08-06 20:05
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_MISC |
| http://technet.microsoft.com/security/msvr/msvr12-009 | x_refsource_MISC |
| https://www.securityfocus.com/bid/54101/discuss | x_refsource_MISC |
| https://www.securityfocus.com/bid/55199/exploit | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37552 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/37672 | x_refsource_MISC |
Date Public
2012-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-20T17:52:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/37672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "MISC",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-009",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-009"
},
{
"name": "https://www.securityfocus.com/bid/54101/discuss",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/54101/discuss"
},
{
"name": "https://www.securityfocus.com/bid/55199/exploit",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/55199/exploit"
},
{
"name": "https://www.exploit-db.com/exploits/37552",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37552"
},
{
"name": "https://www.exploit-db.com/exploits/37672",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/37672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3351",
"datePublished": "2020-02-20T17:52:01.000Z",
"dateReserved": "2012-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2904 (GCVE-0-2012-2904)
Vulnerability from cvelistv5 – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
VLAI
Summary
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.longtailvideo.com/support/forums/jw-pl… | x_refsource_CONFIRM |
| http://www.wooyun.org/bugs/wooyun-2010-07166 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49130 | third-party-advisoryx_refsource_SECUNIA |
| http://developer.longtailvideo.com/trac/ticket/1585 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53554 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2012/May/132 | mailing-listx_refsource_FULLDISC |
Date Public
2012-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality",
"refsource": "CONFIRM",
"url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
},
{
"name": "http://www.wooyun.org/bugs/wooyun-2010-07166",
"refsource": "MISC",
"url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
},
{
"name": "jwplayer-player-debug-xss(75672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
},
{
"name": "49130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49130"
},
{
"name": "http://developer.longtailvideo.com/trac/ticket/1585",
"refsource": "CONFIRM",
"url": "http://developer.longtailvideo.com/trac/ticket/1585"
},
{
"name": "53554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53554"
},
{
"name": "20120516 JW player xss security flaw",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/May/132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2904",
"datePublished": "2012-05-21T18:00:00.000Z",
"dateReserved": "2012-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}