Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
foliovision vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32955
Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a up to and including 7.5.43.7212.
NA
CVE-2024-22299
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a up to and including 7.5...
NA
CVE-2024-29122
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a up to and including 7.5.41...
NA
CVE-2023-4520
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the &...
Foliovision Fv Flowplayer Video Player
NA
CVE-2023-30499
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.
Foliovision Fv Flowplayer Video Player
NA
CVE-2023-25066
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.
Foliovision Fv Flowplayer Video Player
3.5
CVSSv2
CVE-2022-25613
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
Foliovision Fv Flowplayer Video Player
6.5
CVSSv2
CVE-2022-25607
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
Foliovision Fv Flowplayer Video Player
4.3
CVSSv2
CVE-2021-39350
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows malicious users to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
Foliovision Fv Flowplayer Video Player
3.5
CVSSv2
CVE-2020-35748
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin prior to 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
Foliovision Fv Flowplayer Video Player
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »