oss-sec mailing list archives
Re: CVE-2013-1942 jPlayer 2.2.19 XSS
From: Lukas Reschke <lukas () owncloud org>
Date: Sat, 20 Apr 2013 19:36:06 +0200
On Sat, Apr 20, 2013 at 7:19 PM, Mark Panaghiston <markp () happyworm com> wrote:
> [2.2.23] Security Fix: The Flash SWF had a minor security vulnerability that enabled XSS (Cross Site Scripting). Reported by Eugene Dokukin.
> https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373

As far as I can see from this commit, this only affected "alert()" and allowed the display of an alert box. Could you clarify that please?

If so, this could only be abused for techniques like social engineering and should IMHO not be handled as a security issue.

@Kurt: What's your opinion on that?

--
ownCloud
Your Cloud, Your Data, Your Way!
GPG: 0xEB32B77BA406BE99