CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-6391

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile3.33th
Published2017年3月2日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected Platforms (CPE)

📦
Kaltura

Kaltura Server

<= lynx-12.11.0

References & Advisories

🔗 http://www.securityfocus.com/bid/96534
🔗 https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337
🔗 https://github.com/kaltura/server/issues/5300
🔗 http://www.securityfocus.com/bid/96534
🔗 https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337
🔗 https://github.com/kaltura/server/issues/5300

相关漏洞威胁

CVE-2017-63926.1

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied d...

CVE-2016-15044

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlle...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...