Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1464

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-1464
Last Modified 24 Jul 2014 12:49:00
Published 07 Feb 2013 12:56:25
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1464

Summary

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.

Vulnerable Systems

Application

  • Doryphores Audio Player 2.0.1.0

  • Doryphores Audio Player 2.0.2.0

  • Doryphores Audio Player 2.0.3.0

  • Doryphores Audio Player 2.0.3.1

  • Doryphores Audio Player 2.0.4.0

  • Doryphores Audio Player 2.0.4.1

  • Doryphores Audio Player 2.0.4.3

  • Doryphores Audio Player 2.0.4.4

  • Doryphores Audio Player 2.0.4.5


References

MISC - http://wordpress.org/extend/plugins/audio-player/changelog/

MISC - http://insight-labs.org/?p=738

SECUNIA - 58854

SECUNIA - 52083

MISC - http://packetstormsecurity.com/files/120129/WordPress-Audio-Player-SWF-Cross-Site-Scripting.html


Last Updated: 27 May 2016 10:58:32