1
Candidate: CVE-2013-2022
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022
5
http://www.openwall.com/lists/oss-security/2013/04/29
6
http://www.jplayer.org/2.3.0/release-notes/
8
Multiple cross-site scripting (XSS) vulnerabilities in
9
actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer
10
before 2.2.23 allow remote attackers to inject arbitrary web script or HTML
11
via the (1) jQuery or (2) id parameters, a different vulnerability than
12
CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert
13
function in the jQuery parameter. NOTE: these are the same parameters as
14
CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the
18
sarnold> probably duplicate of CVE-2013-1942
21
Discovered-by: Malte Batram
25
upstream: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
26
upstream_jplayer: released (2.2.20, 2.3.0)
29
oneiric_jplayer: ignored (reached end-of-life)
30
precise_jplayer: ignored (reached end-of-life)
31
precise/esm_jplayer: DNE (precise was needed)
32
quantal_jplayer: ignored (reached end-of-life)
33
raring_jplayer: ignored (reached end-of-life)
34
saucy_jplayer: ignored (reached end-of-life)
35
trusty_jplayer: needed
36
utopic_jplayer: ignored (reached end-of-life)
37
vivid_jplayer: ignored (reached end-of-life)
38
vivid/stable-phone-overlay_jplayer: DNE
39
vivid/ubuntu-core_jplayer: DNE
40
wily_jplayer: ignored (reached end-of-life)
41
xenial_jplayer: needed
42
yakkety_jplayer: ignored (reached end-of-life)
43
zesty_jplayer: ignored (reached end-of-life)
44
artful_jplayer: needed
45
bionic_jplayer: needed