Home > Vulnerability Database > CVE-2013-7343

Mend.io Vulnerability Database

CVE-2013-7343

Good to know:

Date: March 21, 2014

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7342.

Language: JS

Severity Score

6.8

Related Resources (5)

Url: https://github.com/flowplayer/flowplayer/issues/381

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-7343

Url: https://github.com/flowplayer/flowplayer/commit/27e8f178276c185cbddb4f14c91d4ce7b3865db1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-7343

Url: https://www.mend.io/vulnerability-database/CVE-2013-7343

Severity Score

6.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 5.4.5

Learn More

CVSS v3

Base Score:	6.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-7343

Good to know:

Date: March 21, 2014

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?