Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1942: Cross-site Scripting in Jplayer

CWE-79: Cross-site Scripting | 16 documents | 7 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 8.8% (top 7.47%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 15 | Latest update May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (4 packages)

npm | happyworm/jplayer | < 2.3.0
NVD | happyworm/jplayer | 2.2.19 (+81)
NVD | owncloud/owncloud_server | 38 versions (+37)

Patches

🔴 Vulnerability Details (10)

GHSA | GHSA-cg3q-wfc7-4hp7: Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer | 2022-05-17
GHSA | jplayer Cross Site Scripting vulnerability | 2022-05-17
OSV | jplayer Cross Site Scripting vulnerability | 2022-05-17
GHSA | GHSA-g3mw-cwj5-rvgj: Cross-site scripting (XSS) vulnerability in actionscript/Jplayer | 2022-05-17
OSV | CVE-2013-2022: Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer | 2013-08-17

💥 Exploits & PoCs (1)

Exploit-DB | jPlayer - 'Jplayer.swf' Script Cross-Site Scripting | 2013-03-29

💬 Community (2)

Bugzilla | CVE-2013-1942 CVE-2013-2022 CVE-2013-2023 owncloud: multiple XSS flaws in included Jplayer.as | 2013-08-22
Bugzilla | CVE-2013-1942 CVE-2013-2023 CVE-2013-2022 owncloud: multiple XSS flaws in included Jplayer.as [fedora-all] | 2013-08-22