CVE-2013-1464

Name of the Vulnerable Software and Affected Versions Audio Player plugin versions prior to 2.0.4.6 typo3-src (affected versions not specified)

Description The issue concerns a cross-site scripting (XSS) vulnerability and multiple vulnerabilities in the typo3-src package. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the playerID parameter in the Audio Player plugin. The vulnerabilities in the typo3-src package can be exploited remotely, potentially leading to a breach of protected information integrity.

Recommendations For Audio Player plugin versions prior to 2.0.4.6, update to version 2.0.4.6 or later to resolve the issue. For typo3-src, at the moment, there is no information about a newer version that contains a fix for this vulnerability.