CVE-2014-9743
published 2015-08-17CVE-2014-9743: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.91%
77.2th percentile
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 2.2.0~rc2-1 (bookworm) | vlc 2.2.0~rc2-1 (bookworm) |
| videolan | vlc_media_player | <= 2.1.6 | — |
| videolan | vlc_media_player | >= 0 < 2.2.0~rc2-1 | 2.2.0~rc2-1 |
| videolan | vlc_media_player | >= 0 < 2.2.0~rc2-1 | 2.2.0~rc2-1 |
| videolan | vlc_media_player | >= 0 < 2.2.0~rc2-1 | 2.2.0~rc2-1 |
| videolan | vlc_media_player | >= 0 < 2.2.0~rc2-1 | 2.2.0~rc2-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5m5g-hpcx-fhwg: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd
ghsa_unreviewed·2022-05-17
CVE-2014-9743 [MEDIUM] CWE-79 GHSA-5m5g-hpcx-fhwg: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
OSV
CVE-2014-9743: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd
osv·2015-08-17·CVSS 4.3
CVE-2014-9743 [MEDIUM] CVE-2014-9743: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Debian
CVE-2014-9743: vlc - Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in netw...
vendor_debian·2014·CVSS 4.3
CVE-2014-9743 [MEDIUM] CVE-2014-9743: vlc - Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in netw...
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc2-1)
bullseye: resolved (fixed in 2.2.0~rc2-1)
forky: resolved (fixed in 2.2.0~rc2-1)
sid: resolved (fixed in 2.2.0~rc2-1)
trixie: resolved (fixed in 2.2.0~rc2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84bhttp://seclists.org/fulldisclosure/2014/Mar/324http://www.quantumleap.it/vlc-reflected-xss-vulnerability/http://www.securityfocus.com/bid/66307http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84bhttp://seclists.org/fulldisclosure/2014/Mar/324http://www.quantumleap.it/vlc-reflected-xss-vulnerability/http://www.securityfocus.com/bid/66307
2015-08-17
Published