CVE-2013-1765
smart-flv - Cross-Site Scripting via link or playerready Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-1765. PoCs published by Henri Salo.
AI-analyzed exploit summary This exploit demonstrates XSS vulnerabilities in the Smart Flv plugin for WordPress by injecting malicious JavaScript via the 'link' and 'playerready' parameters in the SWF file URL. The PoC shows how an attacker can execute arbitrary script code in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
Exploits (1)
This exploit demonstrates XSS vulnerabilities in the Smart Flv plugin for WordPress by injecting malicious JavaScript via the 'link' and 'playerready' parameters in the SWF file URL. The PoC shows how an attacker can execute arbitrary script code in the context of the affected site.