Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flowplayer | Flowplayer Flash | <= 3.2.16 |
| Moodle | Moodle | <= 2.3.11 |
Related Weaknesses (CWE)
References
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1
- https://github.com/flowplayer/flash/issues/121
- https://moodle.org/mod/forum/discuss.php?d=256420
- http://flash.flowplayer.org/documentation/version-history.html
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- http://openwall.com/lists/oss-security/2014/03/17/1
- https://github.com/flowplayer/flash/issues/121
- https://moodle.org/mod/forum/discuss.php?d=256420
FAQ
What is CVE-2013-7341?
CVE-2013-7341 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote at...
How severe is CVE-2013-7341?
CVE-2013-7341 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7341?
Check the references section above for vendor advisories and patch information. Affected products include: Flowplayer Flowplayer Flash, Moodle Moodle.