CVE-2013-7341

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/typo3/cms

Identifiers

GHSA-j6c3-3c4w-qv8p, CVE-2013-7341

Package Slug

packagist/typo3/cms

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

Affected Versions

All versions starting from 6.2.0 before 6.2.14, all versions starting from 7.0.0 before 7.3.1

Solution

Upgrade to versions 6.2.14, 7.3.1 or above.

Last Modified

2024-02-09

source