player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| longtailvideo | jw_player | 5.9 |
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.1.2 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.2 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.1 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.1.0 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.5 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | * |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.4 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.1.1 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.3 |
| longtailvideo | jw_player_for_flash_&_html5_video_plugin | 2.0.0 |