CVE-2011-3642

NameCVE-2011-3642
DescriptionCross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs699230

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
maharasource(unstable)(unfixed)low699230

Notes

[squeeze] - mahara <no-dsa> (Minor issue)
https://code.google.com/p/flowplayer-core/issues/detail?id=441

Search for package or bug name: Reporting problems