CVE-2014-4543

Name of the Vulnerable Software and Affected Versions Pay Per Media Player plugin versions 1.24 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters, including fcolor, links, stitle, height, width, host, bcolor, msg, id, or size. This can be exploited in the payper/payper.php file.

Recommendations For Pay Per Media Player plugin versions 1.24 and earlier, update to a version later than 1.24 to resolve the issue. As a temporary workaround, consider restricting access to the payper/payper.php file or validating and sanitizing user input for the vulnerable parameters to minimize the risk of exploitation.