MidnightBSD

Advisories for doryphores

CVE-2013-1464 MEDIUM

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
doryphores audio_player 2.0.2.0
doryphores audio_player 2.0.3.1
doryphores audio_player 2.0.4.1
doryphores audio_player 2.0.3.0
doryphores audio_player 2.0.4.3
doryphores audio_player *
doryphores audio_player 2.0.1.0
doryphores audio_player 2.0.4.0
doryphores audio_player 2.0.4.4