Foliovision FV Flowplayer Video Player Vulnerable to Reflected XSS
CVE-2024-22299

7.1HIGH

Key Information:

Vendor: WordPress
Status: Fv FloWPlayer Video Player
Vendor: CVE Published:; 27 March 2024

Summary

An improper neutralization of input during the web page generation process in FV Flowplayer Video Player allows for reflected cross-site scripting (XSS) attacks. Attackers can exploit this vulnerability to inject malicious scripts, resulting in unauthorized access to sensitive user information or actions on behalf of the user. This affects versions of FV Flowplayer Video Player up to 7.5.41.7212, creating significant security risks for web applications leveraging this tool.

Affected Version(s)

FV Flowplayer Video Player <= 7.5.41.7212

References

https://patchstack.com/database/vulnerability/fv-wordpres...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

Rafie Muhammad (Patchstack)