CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-6392

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile36.21th
Published2017年3月2日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected Platforms (CPE)

📦
Kaltura

Kaltura Server

<= lynx-12.11.0

References & Advisories

🔗 http://www.securityfocus.com/bid/96534
🔗 https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337
🔗 https://github.com/kaltura/server/issues/5303
🔗 http://www.securityfocus.com/bid/96534
🔗 https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337
🔗 https://github.com/kaltura/server/issues/5303

相关漏洞威胁

CVE-2017-63916.1

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied d...

CVE-2016-15044

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlle...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...