PT-2012-4350 · Longtail · Jw Player
Published
2012-05-21
·
Updated
2017-08-29
·
CVE-2012-2904
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
LongTail JW Player version 5.9
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary web script or HTML via multiple "javascript:" sequences in the
debug parameter of the player.swf file.Recommendations
For LongTail JW Player version 5.9, consider disabling the
debug parameter to prevent exploitation until a patch is available. Restrict access to the player.swf file to minimize the risk of XSS attacks.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jw Player