PT-2020-7447 · Videolan · Vlc Media Player

Published: 2013-08-09 · Updated: 2020-02-03 · CVE-2013-3565

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: VLC Media Player versions prior to 2.0.7
Description: Multiple cross-site scripting (XSS) vulnerabilities exist in the HTTP Interface of VLC Media Player. They allow remote attackers to inject arbitrary web script or HTML. The injection points are the command parameter of requests/vlm_cmd.xml, the dir parameter of requests/browse.xml, and the request URI itself, which share/lua/intf/http.lua reflects in an error message.
Recommendations: For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, restrict access to the HTTP Interface or disable the vulnerable parameters (command and dir) until the update is applied. Avoid using the vulnerable URI in requests until the issue is resolved.
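For operators who cannot update immediately, the following added example (not part of this advisory or of VLC) scans web-server-style access log lines for markup sent to the three reflection points named above; the log format, the sample lines and the function names are assumptions for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoints and the parameters the advisory says are reflected unescaped (VLC < 2.0.7).
REFLECTED_PARAMS = {
    "/requests/vlm_cmd.xml": {"command"},
    "/requests/browse.xml": {"dir"},
}
# An HTML tag start in a decoded value is the signal that escaping would have been needed.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]", re.IGNORECASE)

def check_request_line(request_line):
    """Return findings for one HTTP request line ('GET /path?query HTTP/1.1')."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    target = parts[1]
    parsed = urlsplit(target)
    path = unquote(parsed.path)
    findings = []
    params = parse_qs(parsed.query, keep_blank_values=True)  # percent-decodes values
    for param_name in REFLECTED_PARAMS.get(path, ()):
        for value in params.get(param_name, []):
            if MARKUP_RE.search(value):
                findings.append(f"markup in '{param_name}' parameter of {path}")
    # The whole URI is echoed by http.lua in its error page, so check it as well.
    if not findings and MARKUP_RE.search(unquote(target)):
        findings.append("markup in request URI (reflected in error page)")
    return findings

# Constructed sample lines in Common Log Format (hypothetical, not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [09/Aug/2013:10:01:02 +0000] "GET /requests/browse.xml?dir=%2Fhome%2Fmedia HTTP/1.1" 200 512
10.0.0.7 - - [09/Aug/2013:10:01:09 +0000] "GET /requests/browse.xml?dir=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 310
10.0.0.7 - - [09/Aug/2013:10:01:15 +0000] "GET /requests/vlm_cmd.xml?command=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 280
10.0.0.9 - - [09/Aug/2013:10:02:00 +0000] "GET /%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 404 190
"""

LOG_LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)"')

def scan_log(text):
    """Map each client IP to the findings raised by its requests."""
    hits = {}
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        for finding in check_request_line(m.group("req")):
            hits.setdefault(m.group("ip"), []).append(finding)
    return hits
```

Run `scan_log` over the interface's access log; any hit is a reason to confirm the VLC version is 2.0.7 or later and to check who can reach the HTTP Interface.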

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2013-3565
MGASA-2013-0241

Affected Products

Vlc Media Player