2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2013-2022" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2013-08-17T16:55:06.300" ,
2024-11-22 19:15:24 +00:00
"lastModified" : "2024-11-21T01:50:52.923" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
2023-11-07 21:03:21 +00:00
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter."
2023-04-24 12:24:31 +02:00
} ,
{
"lang" : "es" ,
"value" : "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo actionscript/Jplayer.as en el componente Flash SWF (jplayer.swf) en jPlayer anterior a versi\u00f3n 2.2.23, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) jQuery o (2 ) id, una vulnerabilidad diferente de CVE-2013-1942 y CVE-2013-2023, como es demostrado mediante el uso de la funci\u00f3n alert en el par\u00e1metro jQuery. NOTA: estos son los mismos par\u00e1metros del CVE-2013-1942, pero la soluci\u00f3n para CVE-2013-1942 usa una lista negra para el par\u00e1metro jQuery."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-11-22 19:15:24 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-22 19:15:24 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.2.22" ,
"matchCriteriaId" : "8C1D31F6-F095-4098-9D84-FDB7496CAD07"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:0.2.1:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "0C05F0A8-2769-4583-A475-97712D557775"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:0.2.2:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "1C3991D8-DD4A-4622-A0E8-C65F9D73A429"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:0.2.3:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "21F669D7-3D60-44BA-91F8-548C9903E1B7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:0.2.4:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "A84C5A87-0430-46F6-A136-39B471A79200"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:0.2.5:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "671BBCBC-7347-4884-8CF0-79626756FCCE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:1.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF21E522-89C8-49D6-8437-C54CEAE4B234"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:1.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DDE1B6AA-052F-403D-B0E6-81505D085E51"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:1.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FAACB377-B72E-4C3B-989D-8D33D47E449A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:1.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A619C177-6E97-42DC-A93F-1AB9FF62F4B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "29AD3C20-0352-44A2-81C5-94D43683545C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2573E598-5171-4A4B-9054-7E52DD1C8118"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CB9929D6-1BDE-438B-82F5-EA3CC85FD675"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D4277499-5570-427E-AA92-39E622992F22"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5D662512-9A68-48C9-8362-913B432C67CB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "154075A2-89E5-4104-A5A8-98F7C90B000F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9364A70E-06FA-4142-88D7-B5D50DC28025"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "92A73773-E3E1-4E64-84F7-10A5AB52E8B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D1467D6-0988-4AC0-B56E-80BD9350088E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0C1F3549-1F8C-41AB-82BF-636531614594"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA58A0CE-0A37-4BD4-A727-7E2EB09668A1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F0A54796-F789-4645-B82A-2466FDA010B3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C444A04-F6C4-45C2-9EDF-64D901003B7A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5ECCC879-B1D0-4994-B650-1516ECE44E38"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.14:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3944BB3A-D84E-4536-BE69-0F5F5794271E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D99BED98-6C3E-4088-98C6-3D07762261C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.16:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DFFAB697-EE0D-4F59-9D99-E585F9F78414"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.17:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "018D71A2-7E77-42D1-8349-07681AEF08C0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.18:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FEC30B1A-0D62-4A25-8269-CAF087FD65A9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.19:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0796C534-782E-4000-9CD1-678B918D1644"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "59B1FBE8-DF84-4AC7-B4C4-A186354DB57A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC6B210F-A45D-4C9F-9005-CCFC49CC01A6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "490C6A01-F0AC-4E92-BE7F-A6579A587269"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.23:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C2F18250-C5B8-4D30-8330-C07EB0A765EB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.24:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "76023F77-7B30-4283-B07A-6C4C0E3382A9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.25:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0812334D-2679-4362-8EA3-C89E8786872C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.26:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "252DD6F7-8489-4387-8797-F6018456AD7B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.27:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7589B05C-E361-47CE-B5AB-70462348FC26"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.28:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0D031586-D974-4B98-87CA-9695547B0080"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.29:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA2B1723-6C40-4992-BAE6-FCDB1C9AB7BD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CBD668BB-C691-4A57-9E87-4AE2C2A9BC6D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.31:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D9431D12-58B7-4943-8E1C-80559BF83ACB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.32:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1F8733FE-C6FC-433F-91D5-A843486788B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.33:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "698CB307-8F9A-40DF-A992-1346FC36E8F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.34:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2CC42A34-54AD-4C9B-A664-3FE7E5D1C317"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.35:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4062AFBE-E501-447E-9C05-B7C07473D096"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.0.36:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BD8467C8-9A25-45FF-8955-EDE06AA6ED50"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B35B9F1E-8FB0-4B3F-9CCE-A1A058A13582"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "63C62C17-DB82-4770-9C25-C5571C0CFD7F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C2B6617C-7C6A-4A1D-8D7F-4BFB16253396"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "08E970BC-1C31-4FB5-A848-A98CED0711D8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B790B03-4E29-4C20-86A6-FBED36647789"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04DF09ED-1209-4C0C-A589-99D4049DB0C3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.1.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9BF64FC2-CCB2-4709-81FB-6CFB1D6269C7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EBA24DA7-D0F8-4478-97CA-3144C9E3E0C7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "85DC9D2C-B237-4C5C-91BC-41A765F6EA38"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D662D8BD-7C84-405F-8958-D61268318144"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1E24FF8E-88D4-47F4-9144-D2FEA7F9D1CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BB102921-177A-4290-904C-8369F83DD0E0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8AF1864F-DC3B-4BBD-B809-C073C625DC76"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "51C8FF95-B063-4777-8BE5-2E3FD2F41141"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.14:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DBDEBEA6-4299-4390-A40D-448EB5D6B410"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0E000589-7D68-47D5-80E6-20189C48600C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.16:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6B63C4ED-C675-4B02-AF70-899A2619BF8A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.17:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D52294B4-7963-44C9-B577-80F41AB9F70A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.18:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7E5E7A83-6237-48E6-9E22-A2FAE00CF735"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.19:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C1F0DB8-2DC8-4D74-80C8-858FAD12C169"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "43D27F0E-5C23-4294-9A88-DB280A32B26E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:happyworm:jplayer:2.2.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "92E17A72-68E0-4731-A4FD-A91FB14A0D63"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://seclists.org/fulldisclosure/2013/Apr/192" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.jplayer.org/2.3.0/release-notes/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373" ,
"source" : "secalert@redhat.com"
2024-11-22 19:15:24 +00:00
} ,
{
"url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://seclists.org/fulldisclosure/2013/Apr/192" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.jplayer.org/2.3.0/release-notes/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
