Search criteria Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

3 vulnerabilities by longtailvideo

CVE-2012-3351 (GCVE-0-2012-3351)

Vulnerability from cvelistv5 – Published: 2020-02-20 17:52 – Updated: 2024-08-06 20:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2012-06-19 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://developer.longtailvideo.com/trac/ticket/1585"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://technet.microsoft.com/security/msvr/msvr12-009"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/54101/discuss"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/55199/exploit"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37552"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37672"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-20T17:52:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://developer.longtailvideo.com/trac/ticket/1585"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://technet.microsoft.com/security/msvr/msvr12-009"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityfocus.com/bid/54101/discuss"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityfocus.com/bid/55199/exploit"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/37552"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/37672"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://developer.longtailvideo.com/trac/ticket/1585",
              "refsource": "MISC",
              "url": "http://developer.longtailvideo.com/trac/ticket/1585"
            },
            {
              "name": "http://technet.microsoft.com/security/msvr/msvr12-009",
              "refsource": "MISC",
              "url": "http://technet.microsoft.com/security/msvr/msvr12-009"
            },
            {
              "name": "https://www.securityfocus.com/bid/54101/discuss",
              "refsource": "MISC",
              "url": "https://www.securityfocus.com/bid/54101/discuss"
            },
            {
              "name": "https://www.securityfocus.com/bid/55199/exploit",
              "refsource": "MISC",
              "url": "https://www.securityfocus.com/bid/55199/exploit"
            },
            {
              "name": "https://www.exploit-db.com/exploits/37552",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/37552"
            },
            {
              "name": "https://www.exploit-db.com/exploits/37672",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/37672"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3351",
    "datePublished": "2020-02-20T17:52:01.000Z",
    "dateReserved": "2012-06-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:05:12.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4030 (GCVE-0-2014-4030)

Vulnerability from cvelistv5 – Published: 2014-06-25 20:00 – Updated: 2024-08-06 11:04
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2014-06-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
          },
          {
            "name": "59173",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59173"
          },
          {
            "name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Jun/64"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-25T19:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
        },
        {
          "name": "59173",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59173"
        },
        {
          "name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Jun/64"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/",
              "refsource": "MISC",
              "url": "https://security.dxw.com/advisories/jw-player-for-flash-html5-video/"
            },
            {
              "name": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog",
              "refsource": "CONFIRM",
              "url": "http://wordpress.org/plugins/jw-player-plugin-for-wordpress/changelog"
            },
            {
              "name": "59173",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59173"
            },
            {
              "name": "20140610 CSRF in JW Player for Flash \u0026 HTML5 Video 2.1.2 permits deletion of players (WordPress plugin)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Jun/64"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4030",
    "datePublished": "2014-06-25T20:00:00.000Z",
    "dateReserved": "2014-06-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T11:04:28.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2904 (GCVE-0-2012-2904)

Vulnerability from cvelistv5 – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
VLAI?
Summary
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2012-05-15 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
          },
          {
            "name": "jwplayer-player-debug-xss(75672)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
          },
          {
            "name": "49130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.longtailvideo.com/trac/ticket/1585"
          },
          {
            "name": "53554",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53554"
          },
          {
            "name": "20120516 JW player xss security flaw",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/May/132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
        },
        {
          "name": "jwplayer-player-debug-xss(75672)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
        },
        {
          "name": "49130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.longtailvideo.com/trac/ticket/1585"
        },
        {
          "name": "53554",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53554"
        },
        {
          "name": "20120516 JW player xss security flaw",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/May/132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple \"javascript:\" sequences in the debug parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality",
              "refsource": "CONFIRM",
              "url": "http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality"
            },
            {
              "name": "http://www.wooyun.org/bugs/wooyun-2010-07166",
              "refsource": "MISC",
              "url": "http://www.wooyun.org/bugs/wooyun-2010-07166"
            },
            {
              "name": "jwplayer-player-debug-xss(75672)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75672"
            },
            {
              "name": "49130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49130"
            },
            {
              "name": "http://developer.longtailvideo.com/trac/ticket/1585",
              "refsource": "CONFIRM",
              "url": "http://developer.longtailvideo.com/trac/ticket/1585"
            },
            {
              "name": "53554",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53554"
            },
            {
              "name": "20120516 JW player xss security flaw",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/May/132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2904",
    "datePublished": "2012-05-21T18:00:00.000Z",
    "dateReserved": "2012-05-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:50:05.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}