oss-sec mailing list archives

CVE Request: "Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer"


From: Soroush Dalili <sd.bugreport () gmail com>
Date: Sat, 15 Nov 2014 23:04:14 +0000

Hello,
Please can you assign a CVE ID for the following issue:

-Description:
The Flash version of Flowplayer is vulnerable to reflected cross-site
scripting (XSS).
A demo version of this player can be seen here:
http://flash.flowplayer.org/demos/

-Affected versions:
<= 3.2.18

-Fixed in versions:
Not available yet. See https://github.com/flowplayer/flash/issues/263

-Patch:
Not available yet. See https://github.com/flowplayer/flash/issues/263

-Credit:
Issue was discovered by Soroush Dalili (@irsdl)

-References:
https://github.com/flowplayer/flash/issues/263


Thanks,
Soroush
