Cross-site Scripting Vulnerability in Live Streaming Video Player by SRS
CVE-2025-27327
6.5 MEDIUM
Key Information:
- Vendor: Winlin
- Status
- Live Streaming Video Player – By Srs Player
- Vendor
- CVE Published: 24 February 2025
Summary
A Cross-site Scripting (XSS) vulnerability exists in the Live Streaming Video Player by SRS Player, enabling attackers to execute scripts in the context of a victim's browser session. This flaw arises from improper handling of user input during web page generation, allowing attackers to inject malicious scripts. As a result, users may be susceptible to data theft, session hijacking, and other malicious activities. The vulnerability impacts all versions of the player up to and including 1.0.18, necessitating immediate attention from administrators to prevent exploitation.
Affected Version(s)
Live Streaming Video Player – by SRS Player <= 1.0.18
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
theviper17 (Patchstack Alliance)