CVE-2014-4534

Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:html5_video_player_with_playlist_plugin_project:html5_video_player_with_playlist_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:10

Type Values Removed Values Added
References () http://codevigilant.com/disclosure/wp-plugin-html5-video-player-with-playlist-a3-cross-site-scripting-xss - Exploit () http://codevigilant.com/disclosure/wp-plugin-html5-video-player-with-playlist-a3-cross-site-scripting-xss - Exploit

Information

Published : 2014-07-02 20:55

Updated : 2024-11-21 02:10


NVD link : CVE-2014-4534

Mitre link : CVE-2014-4534

CVE.ORG link : CVE-2014-4534


JSON object : View

Products Affected

wordpress

  • wordpress

html5_video_player_with_playlist_plugin_project

  • html5_video_player_with_playlist_plugin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')