CVE-2013-1967

Sažetak

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Reference

http://owncloud.org/about/security/advisories/oC-SA-2013-017
http://seclists.org/oss-sec/2013/q2/111
http://seclists.org/oss-sec/2013/q2/133
http://secunia.com/advisories/53079
https://bugzilla.redhat.com/show_bug.cgi?id=955307
https://exchange.xforce.ibmcloud.com/vulnerabilities/83647
https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd
https://github.com/johndyer/mediaelement/tree/2.11.1

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

05-02-2014 - 15:10