CVE-2017-6391 in Kaltura Server
Sumário (Inglês)
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Reservar
28/02/2017
Divulgação
02/03/2017
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 97458 | Kaltura Server SimpleJWPlayer.php Script de Site Cruzado | 79 | Não definido | Não definido | CVE-2017-6391 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV