Vulnerability Name:

CVE-2013-1942 (CCN-83397)

Assigned: 2013-04-11
Published: 2013-04-11
Updated: 2016-12-08
Summary: Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
Source: MITRE
Type: CNA
CVE-2013-1942

Source: MLIST
Type: UNKNOWN
[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS

Source: MLIST
Type: UNKNOWN
[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS

Source: MLIST
Type: UNKNOWN
[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS

Source: CONFIRM
Type: UNKNOWN
http://owncloud.org/about/security/advisories/oC-SA-2013-014/

Source: FULLDISC
Type: UNKNOWN
20130421 Vulnerabilities in jPlayer

Source: CCN
Type: oss-sec mailing list, Thu, 11 Apr 2013 15:45:30 +0200
ownCloud Security Advisories (2013-014, 2013-015, 2013-016)

Source: CCN
Type: SA51336
WordPress Haiku minimalist audio player Plugin "jPlayer" Cross-Site Scripting Vulnerability

Source: CCN
Type: SA52978
jPlayer "jQuery" Cross-Site Scripting Vulnerability

Source: CCN
Type: SA52986
ownCloud Multiple Vulnerabilities

Source: CCN
Type: SA53057
WordPress Background Music Plugin "jPlayer" Cross-Site Scripting Vulnerability

Source: CCN
Type: SA53106
WordPress Jammer Plugin "jPlayer" Cross-Site Scripting Vulnerability

Source: CCN
Type: SA53210
WordPress Fairytale Theme jPlayer Cross-Site Scripting Vulnerability

Source: CCN
Type: SA53212
WordPress Studio Zen Theme jPlayer Cross-Site Scripting Vulnerability

Source: CCN
Type: Wordpress Plugin Directory
Haiku minimalist audio player plugin for WordPress

Source: CCN
Type: jPlayer Web Site
jPlayer

Source: CONFIRM
Type: UNKNOWN
http://www.jplayer.org/2.3.0/release-notes/

Source: CCN
Type: oss-sec Mailing List: Mon, 22 Apr 2013
Vulnerabilities in multiple plugins for WordPress with jPlayer

Source: BID
Type: UNKNOWN
59030

Source: CCN
Type: BID-59030
jPlayer 'Jplayer.swf' Script Cross Site Scripting Vulnerability

Source: CCN
Type: BID-59374
jPlayer 'Jplayer.swf' Script 'id' Parameter Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
jplayer-cve20131942-jplayer-xss(83397)

Source: CCN
Type: jPlayer GIT Repository
Security Fix of Flash SWF that had enabled cookie theft

Source: CONFIRM
Type: Exploit, Patch
https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d

Source: CCN
Type: jPlayer Google Group Web Site
jPlayer: HTML5 Audio & Video for jQuery

Source: CCN
Type: ownCloud Web site
ownCloud | Your Cloud, Your Data, Your Way!

Source: CCN
Type: Packet Storm Security [04-21-2013]
jPlayer 2.2.22 XSS / Content Spoofing

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1942

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:happyworm:jplayer:0.2.1:beta:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:0.2.2:beta:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:0.2.3:beta:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:0.2.4:beta:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:0.2.5:beta:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.34:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:*:*:*:*:*:*:*:* (Version <= 2.2.19)

Configuration 2:
  • cpe:/a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.13:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:*:*:*:*:*:*:*:* (Version <= 5.0.3)

Configuration CCN 1:
  • cpe:/a:happyworm:jplayer:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:happyworm:jplayer:2.2.18:*:*:*:*:*:*:*
  • AND
  • cpe:/a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:webartisan:soundy_background_music:1.0:*:*:*:*:wordpress:*:*

  • * Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.bionic:def:201319420000000 | V | CVE-2013-1942 on Ubuntu 18.04 LTS (bionic) - medium. | 2013-08-15
oval:com.ubuntu.artful:def:20131942000 | V | CVE-2013-1942 on Ubuntu 17.10 (artful) - medium. | 2013-08-15
oval:com.ubuntu.trusty:def:20131942000 | V | CVE-2013-1942 on Ubuntu 14.04 LTS (trusty) - medium. | 2013-08-15
oval:com.ubuntu.xenial:def:201319420000000 | V | CVE-2013-1942 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-08-15
oval:com.ubuntu.bionic:def:20131942000 | V | CVE-2013-1942 on Ubuntu 18.04 LTS (bionic) - medium. | 2013-08-15
oval:com.ubuntu.xenial:def:20131942000 | V | CVE-2013-1942 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-08-15
oval:com.ubuntu.disco:def:201319420000000 | V | CVE-2013-1942 on Ubuntu 19.04 (disco) - medium. | 2013-08-15
oval:com.ubuntu.cosmic:def:20131942000 | V | CVE-2013-1942 on Ubuntu 18.10 (cosmic) - medium. | 2013-08-15
oval:com.ubuntu.cosmic:def:201319420000000 | V | CVE-2013-1942 on Ubuntu 18.10 (cosmic) - medium. | 2013-08-15
oval:com.ubuntu.precise:def:20131942000 | V | CVE-2013-1942 on Ubuntu 12.04 LTS (precise) - medium. | 2013-08-15