PT-2023-15916 · Icplayer · Icplayer
Published 2023-03-06 · Updated 2024-05-17 · CVE-2022-4929
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
icplayer versions up to 0.818
Description
A vulnerability was found in icplayer, affecting some unknown functionality of the file addons/Commons/src/tts-utils.js. Manipulation of this functionality leads to cross-site scripting (XSS). The attack can be launched remotely. Upgrading to version 0.819 addresses this issue.
Recommendations
For icplayer versions up to 0.818, upgrade to version 0.819 to address the issue. As a temporary workaround, consider restricting access to the affected functionality in the file addons/Commons/src/tts-utils.js until the upgrade is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Icplayer