Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| milesj | decoda | 2.6 |
| milesj | decoda | 3.0 |
| milesj | decoda | 2.8 |
| milesj | decoda | 2.9 |
| milesj | decoda | * |
| milesj | decoda | 2.2 |
| milesj | decoda | 3.1 |
| milesj | decoda | 3.2 |
| milesj | decoda | 2.4 |
| milesj | decoda | 2.5 |
| milesj | decoda | 2.3 |
| milesj | decoda | 3.3 |
| milesj | decoda | 2.7 |
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| milesj | decoda | 2.6 |
| milesj | decoda | 3.0 |
| milesj | decoda | 2.8 |
| milesj | decoda | 2.9 |
| milesj | decoda | * |
| milesj | decoda | 2.2 |
| milesj | decoda | 3.1 |
| milesj | decoda | 3.2 |
| milesj | decoda | 2.4 |
| milesj | decoda | 2.5 |
| milesj | decoda | 2.3 |
| milesj | decoda | 2.7 |
Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| milesj | decoda | 2.6 |
| milesj | decoda | 2.4 |
| milesj | decoda | 2.5 |
| milesj | decoda | 3.0 |
| milesj | decoda | 2.8 |
| milesj | decoda | 2.9 |
| milesj | decoda | 2.3 |
| milesj | decoda | * |
| milesj | decoda | 2.2 |
| milesj | decoda | 2.7 |