CVE-2013-1464

Currently unrated

Key Information:

Vendor: Wordpress
Status: Audio Player
Vendor: CVE Published:; 7 February 2013

Summary

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.

References

http://wordpress.org/extend/plugins/audio-player/changelog/

x_refsource_MISC

http://insight-labs.org/?p=738

x_refsource_MISC

http://secunia.com/advisories/52083

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 7, 2013
Vulnerability Reserved
Jan 29, 2013