Vulnerability Name: CVE-2011-3642 (CCN-82113)
Assigned: 2011-09-22
Published: 2013-02-15
Updated: 2020-02-12
Summary: Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
CVSS v3 Severity:
- 9.6 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
- 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
- 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
- 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
- Source: MISC Type: Broken Link http://appsec.ws/Presentations/FlashFlooding.pdf
- Source: MITRE Type: CNA CVE-2011-3642
- Source: CCN Type: SA52074 Mahara Flowplayer Cross-Site Scripting Vulnerability
- Source: MISC Type: Third Party Advisory http://secunia.com/advisories/52074
- Source: CCN Type: SA53529 TYPO3 Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
- Source: CCN Type: SA54206 Flowplayer Flash "plugin" Domain Bypass Cross-Site Scripting Vulnerability
- Source: MISC Type: Third Party Advisory http://secunia.com/advisories/54206
- Source: MISC Type: Third Party Advisory http://secunia.com/advisories/58854
- Source: CCN Type: TYPO3-CORE-SA-2013-002 Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
- Source: MISC Type: Broken Link http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009
- Source: MISC Type: Broken Link http://web.appsec.ws/FlashExploitDatabase.php
- Source: CCN Type: BID-61658 Flowplayer Cross Site Scripting Vulnerability
- Source: MISC Type: Third Party Advisory https://bugs.launchpad.net/mahara/+bug/1103748
- Source: MISC Type: Exploit, Third Party Advisory https://code.google.com/p/flowplayer-core/issues/detail?id=441
- Source: XF Type: UNKNOWN maharaflowplayer-flowplayer327-xss(82113)
- Source: CCN Type: Mahara Community Security Announcements External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3
- Source: CCN Type: Mahara Web site Security Announcements - External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 - Mahara ePortfolio System
- Source: MISC Type: Third Party Advisory https://mahara.org/interaction/forum/topic.php?id=5237
- Source: MISC Type: Third Party Advisory, VDB Entry https://www.securityfocus.com/bid/48651
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable