Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-7341
Last Modified: 24 Mar 2014 10:56:41
Published: 24 Mar 2014 10:20:39
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-7341

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

Vulnerable Systems

Application

  • Flowplayer Flash 3.0.0

  • Flowplayer Flash 3.0.1

  • Flowplayer Flash 3.0.2

  • Flowplayer Flash 3.0.3

  • Flowplayer Flash 3.0.4

  • Flowplayer Flash 3.0.5

  • Flowplayer Flash 3.0.6

  • Flowplayer Flash 3.1.0

  • Flowplayer Flash 3.1.1

  • Flowplayer Flash 3.1.2

  • Flowplayer Flash 3.1.3

  • Flowplayer Flash 3.1.4

  • Flowplayer Flash 3.1.5

  • Flowplayer Flash 3.2.0

  • Flowplayer Flash 3.2.1

  • Flowplayer Flash 3.2.10

  • Flowplayer Flash 3.2.11

  • Flowplayer Flash 3.2.12

  • Flowplayer Flash 3.2.13

  • Flowplayer Flash 3.2.14

  • Flowplayer Flash 3.2.15

  • Flowplayer Flash 3.2.16

  • Flowplayer Flash 3.2.2

  • Flowplayer Flash 3.2.3

  • Flowplayer Flash 3.2.4

  • Flowplayer Flash 3.2.5

  • Flowplayer Flash 3.2.6

  • Flowplayer Flash 3.2.7

  • Flowplayer Flash 3.2.8

  • Flowplayer Flash 3.2.9

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.0.6

  • Moodle 2.0.7

  • Moodle 2.0.8

  • Moodle 2.0.9

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.10

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.1.7

  • Moodle 2.1.8

  • Moodle 2.1.9

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.10

  • Moodle 2.2.11

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.2.6

  • Moodle 2.2.7

  • Moodle 2.2.8

  • Moodle 2.2.9

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.10

  • Moodle 2.3.11

  • Moodle 2.3.2

  • Moodle 2.3.3

  • Moodle 2.3.4

  • Moodle 2.3.5

  • Moodle 2.3.6

  • Moodle 2.3.7

  • Moodle 2.3.8

  • Moodle 2.3.9

  • Moodle 2.4

  • Moodle 2.4.1

  • Moodle 2.4.2

  • Moodle 2.4.3

  • Moodle 2.4.4

  • Moodle 2.4.5

  • Moodle 2.4.6

  • Moodle 2.4.7

  • Moodle 2.4.8

  • Moodle 2.5

  • Moodle 2.5.1

  • Moodle 2.5.2

  • Moodle 2.5.3

  • Moodle 2.5.4

  • Moodle 2.6

  • Moodle 2.6.1


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=256420

CONFIRM - https://github.com/flowplayer/flash/issues/121

MLIST - [oss-security] 20140317 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344

CONFIRM - http://flash.flowplayer.org/documentation/version-history.html


Last Updated: 27 May 2016 11:04:46