MidnightBSD

Advisories for longtailvideo

CVE-2012-2904 MEDIUM

player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
longtailvideo jw_player 5.9
CVE-2014-4030 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.1.2
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.2
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.1
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.1.0
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.5
longtailvideo jw_player_for_flash_&_html5_video_plugin *
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.4
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.1.1
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.3
longtailvideo jw_player_for_flash_&_html5_video_plugin 2.0.0