CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4351
https://notcve.org/view.php?id=CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. El módulo Spider Video Player para Drupal permite a usuarios remotos autenticados con el permiso 'acceso a la administración de Spider Video Player' eliminas ficheros arbitrarios a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72817 https://www.drupal.org/node/2437981 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4352
https://notcve.org/view.php?id=CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. Vulnerabilidad de CSRF en el módulo Spider Video Player para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que eliminan vídeos a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72817 https://www.drupal.org/node/2437981 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8584 – SpiderVPlayer <= 1.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8584
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el plugin Web Dorado Spider Video Player (también conocido como WordPress Video Player) anterior a 1.5.2 para WordPress permite a atacantes remtoos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://wordpress.org/plugins/player/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •