CVE-2011-1221
Realnetworks Realplayer - XSS
Title source: ruleDescription
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
Scores
EPSS
0.0026
EPSS Percentile
49.4%
Classification
CWE
CWE-79
Status
published
Affected Products (25)
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer
realnetworks/realplayer_sp
realnetworks/realplayer_sp
realnetworks/realplayer_sp
realnetworks/realplayer_sp
realnetworks/realplayer_sp
realnetworks/realplayer_sp
realnetworks/realplayer_sp
... and 10 more
Timeline
Published
Oct 04, 2011
Tracked Since
Feb 18, 2026