Description
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Henri Salo · textwebappsphp
https://www.exploit-db.com/exploits/38331
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q1/446
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/90606
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58135
Scores
EPSS
0.0178
EPSS Percentile
82.9%
Details
CWE
CWE-79
Status
published
Products (1)
smart-flv_plugin_project/smart-flv
Published
May 14, 2014
Tracked Since
Feb 18, 2026