CVE-2017-1000217
HIGHOpencast < 2.3.3 - Script Injection via Media and Metadata in Player and Media Module
Title source: llmDescription
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
References (1)
Core 1
Core References
Mailing List x_refsource_confirm
https://groups.google.com/a/opencast.org/forum/#%21topic/security-notices/sCpt0pIPEFg
Scores
CVSS v3
8.8
EPSS
0.0188
EPSS Percentile
76.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (2)
opencast/opencast
< 2.3.2
org.opencastproject/base
0 - 2.3.3Maven
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026