Dewplayer – dewplayer-vinyl-en.swf xml Parameter XML File H&ling XSS

Affects Plugins

dewplayer-flash-mp3-player

No known fix

advanced-dewplayer

Fixed in 1.5

References

URL

https://packetstormsecurity.com/files/#124582/

URL

https://seclists.org/fulldisclosure/2013/Dec/192

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

6ae5fe6d-e272-4a0f-9bc4-a8a052c3cfe2

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2023-09-13

Title

Feeds for YouTube < 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2024-07-09

Title

ConeBlog – WordPress Blog Widgets < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-10-14

Title

Mitm Bug Tracker <= 1.0 - Reflected Cross-Site Scripting

Published

2023-12-13

Title

WP Crowdfunding < 2.1.9 - Reflected XSS

Published

2025-12-11

Title

BUKAZU Search widget < 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute