{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-6392", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337", "refsource" : "CONFIRM", "url" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337" }, { "name" : "https://github.com/kaltura/server/issues/5303", "refsource" : "CONFIRM", "url" : "https://github.com/kaltura/server/issues/5303" }, { "name" : "96534", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/96534" } ] } }