CVE-2012-3351
MEDIUMLongtailvideo JW Player < 5.10.2295 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/37672
exploitdb
WORKING POC
VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/37552
References (6)
Scores
CVSS v3
6.1
EPSS
0.1014
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (1)
longtailvideo/jw_player
< 5.10.2295
Timeline
Published
Feb 20, 2020
Tracked Since
Feb 18, 2026