CVE-2013-1967 — Cross-site Scripting in Mediaelement.js

CWE-79 — Cross-site Scripting6 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 31.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediaelementjs Mediaelement.js Owncloud Server

Timeline

PublishedFeb 5

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDowncloud/owncloud_server15 versions+14

▶NVDmediaelementjs/mediaelement.js2.11.1+70

Patches

Patch: owncloud.org ↗Patch: seclists.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gxcr-ff3v-w6r6: Cross-site scripting (XSS) vulnerability in flashmediaelement↗2022-05-17

▶

CVEList

CVE-2013-1967: Cross-site scripting (XSS) vulnerability in flashmediaelement↗2014-02-05

▶

💬Community

Bugzilla

CVE-2013-1967 owncloud: security fixes in 4.5.10 [epel-6]↗2013-04-22

▶

Bugzilla

CVE-2013-1967 owncloud: security fixes in 4.5.10 [fedora-18]↗2013-04-22

▶

Bugzilla

CVE-2013-1963 CVE-2013-1967 owncloud: security fixes in 4.5.10↗2013-04-22

▶