Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 up to and including 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote malicious users to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flowplayer flowplayer flash |