JW Player HTML Injection And Content Spoofing Vulnerability


JW Player is prone to an HTML injection and a content spoofing vulnerability because it fails to sanitize user-supplied input.


The original article can be found at: http://www.securityfocus.com/bid/53876


Vulnerable Systems:
 * Content Spoofing And 5.9

Attacker-supplied HTML or JavaScript code can run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Vendor Status:Disclosure Timeline:
Initial Release :Jun 07 2012

Categories: News