Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player prior to 2.0.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
videolan vlc media player |
||
opensuse opensuse 13.1 |