oss-sec mailing list archives
CVE Request: "Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer"
From: Soroush Dalili <sd.bugreport () gmail com>
Date: Sat, 15 Nov 2014 23:04:14 +0000
Hello, Please can you assign a CVE ID for the following issue: -Description: The flash version of FlowPlayer is vulnerable to reflected cross-site scripting (XSS). A demo version of this player can be seen here: http://flash.flowplayer.org/demos/ -Affected versions: <= 3.2.18 -Fixed in versions: Not available yet. See https://github.com/flowplayer/flash/issues/263 -Patch: Not available yet. See https://github.com/flowplayer/flash/issues/263 -Credit: Issue was discovered by Soroush Dalili (@irsdl) -References: https://github.com/flowplayer/flash/issues/263 Thanks, Soroush
Current thread:
- CVE Request: "Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer" Soroush Dalili (Nov 15)