CVE-2012-3351

Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.

Published: Feb 20, 2020
Updated: Apr 13, 2023
CVE: CVE-2012-3351
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
longtailvideo / jw_player	-	5.10.2295.x

http://developer.longtailvideo.com/trac/ticket/1585
http://technet.microsoft.com/security/msvr/msvr12-009
https://www.exploit-db.com/exploits/37552
https://www.exploit-db.com/exploits/37672
https://www.securityfocus.com/bid/54101/discuss
https://www.securityfocus.com/bid/55199/exploit

Vulnerability Database

289,689

CVE-2012-3351