CVE-2013-1942
Summary
| CVE | CVE-2013-1942 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-08-15 17:55:24 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Happyworm | Jplayer | 0.2.1 | beta | All | All |
| Application | Happyworm | Jplayer | 0.2.2 | beta | All | All |
| Application | Happyworm | Jplayer | 0.2.3 | beta | All | All |
| Application | Happyworm | Jplayer | 0.2.4 | beta | All | All |
| Application | Happyworm | Jplayer | 0.2.5 | beta | All | All |
| Application | Happyworm | Jplayer | 1.0.0 | All | All | All |
| Application | Happyworm | Jplayer | 1.1.0 | All | All | All |
| Application | Happyworm | Jplayer | 1.1.1 | All | All | All |
| Application | Happyworm | Jplayer | 1.2.0 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.0 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.1 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.10 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.11 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.12 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.13 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.14 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.15 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.16 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.17 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.18 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.19 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.2 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.20 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.21 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.22 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.23 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.24 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.25 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.26 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.27 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.28 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.29 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.3 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.30 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.31 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.32 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.33 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.34 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.35 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.36 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.4 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.5 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.6 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.7 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.8 | All | All | All |
| Application | Happyworm | Jplayer | 2.0.9 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.0 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.1 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.2 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.3 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.4 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.5 | All | All | All |
| Application | Happyworm | Jplayer | 2.1.6 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.0 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.1 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.10 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.11 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.12 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.13 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.14 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.15 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.16 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.17 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.18 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.2 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.3 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.4 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.5 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.6 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.7 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.8 | All | All | All |
| Application | Happyworm | Jplayer | 2.2.9 | All | All | All |
| Application | Happyworm | Jplayer | All | All | All | All |
| Application | Owncloud | Owncloud | All | All | All | All |
| Application | Owncloud | Owncloud Server | 3.0.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 3.0.1 | All | All | All |
| Application | Owncloud | Owncloud Server | 3.0.2 | All | All | All |
| Application | Owncloud | Owncloud Server | 3.0.3 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.1 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.10 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.11 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.12 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.13 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.14 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.15 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.16 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.2 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.3 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.4 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.5 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.6 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.7 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.8 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.0.9 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.1 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.10 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.11 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.12 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.13 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.2 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.3 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.4 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.5 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.6 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.7 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.8 | All | All | All |
| Application | Owncloud | Owncloud Server | 4.5.9 | All | All | All |
| Application | Owncloud | Owncloud Server | 5.0.0 | All | All | All |
| Application | Owncloud | Owncloud Server | 5.0.1 | All | All | All |
| Application | Owncloud | Owncloud Server | 5.0.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| jPlayer Release notes : HTML5 Audio & Video for jQuery | af854a3a-2127-422b-91ae-364da2661108 | www.jplayer.org | |
| XSS vulnerability in jPlayer (oC-SA-2013-014) | ownCloud.org | af854a3a-2127-422b-91ae-364da2661108 | owncloud.org | |
| Security Fix of Flash SWF that had enabled cookie theft · jplayer/jPlayer@e8ca190 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Patch |
| Full Disclosure: Vulnerabilities in jPlayer | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| jPlayer 'Jplayer.swf' Script Cross Site Scripting Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 'Re: [oss-security] Re: CVE-2013-1942 jPlayer 2.2.19 XSS' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| '[oss-security] Re: CVE-2013-1942 jPlayer 2.2.19 XSS' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| '[oss-security] CVE-2013-1942 jPlayer 2.2.19 XSS' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.