Foliovision

Fv Flowplayer Video Player

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-6338

  • EPSS 0.65%
  • Veröffentlicht 19.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:49:27

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of suffic...

7.1

CVE-2024-35631

  • EPSS 0.17%
  • Veröffentlicht 03.06.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 09:20:32

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.

4.1

CVE-2024-32078

  • EPSS 0.11%
  • Veröffentlicht 24.04.2024 16:15:09
  • Zuletzt bearbeitet 21.11.2024 09:14:25

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.

4.9

CVE-2024-32955

  • EPSS 0.08%
  • Veröffentlicht 24.04.2024 07:15:49
  • Zuletzt bearbeitet 21.11.2024 09:16:06

Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.

7.1

CVE-2024-22299

  • EPSS 0.26%
  • Veröffentlicht 27.03.2024 06:15:14
  • Zuletzt bearbeitet 21.11.2024 08:56:00

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a thr...

6.5

CVE-2024-29122

  • EPSS 0.09%
  • Veröffentlicht 19.03.2024 15:15:10
  • Zuletzt bearbeitet 21.11.2024 09:07:36

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a throug...

6.1

CVE-2023-4520

  • EPSS 0.78%
  • Veröffentlicht 25.08.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:35:20

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update v...

6.1

CVE-2023-30499

  • EPSS 0.08%
  • Veröffentlicht 18.08.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 08:00:17

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.

8.8

CVE-2023-25066

  • EPSS 0.11%
  • Veröffentlicht 14.02.2023 06:15:09
  • Zuletzt bearbeitet 21.11.2024 07:49:02

Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.

5.4

CVE-2022-25613

  • EPSS 0.16%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:52:26

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.