CVE-2017-6392

Name of the Vulnerable Software and Affected Versions Kaltura server version Lynx-12.11.0

Description An issue exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin console/web/tools/XmlJWPlayer.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For Kaltura server version Lynx-12.11.0, consider restricting access to the "server-Lynx-12.11.0/admin console/web/tools/XmlJWPlayer.php" API endpoint until a fix is available. Additionally, ensure proper filtration of user-supplied data to prevent code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.