CVE-2019-14799 – FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14799
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. El plugin FV Flowplayer Video Player en versiones anteriores a 7.3.14.727 para WordPress, permite un ataque de tipo XSS en la suscripción de correo electrónico. • https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers https://wpvulndb.com/vulnerabilities/9278 https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-14800 – FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. El plugin FV Flowplayer Video Player versiones anteriores a 7.3.15.727 para WordPress, permite a invitados obtener la lista de suscripción de correo electrónico en formato CSV por medio del URI wp-admin/admin-post.php?Page=fvplayer&fv-email-export=1. • https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-0642 – FV Flowplayer Video Player 6.1.2 - 6.6.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0642
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en FV Flowplayer Video Player, de la versión 6.1.2 a la 6.6.4, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN70246549/index.html https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •