UBUNTU-CVE-2013-1942

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2013-1942

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1942.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-1942

Upstream

CVE-2013-1942

Published

2013-08-15T17:55:00Z

Modified

2025-10-24T04:45:00Z

Severity

Ubuntu - medium

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.

References

Affected packages

Ubuntu:16.04:LTS / jquery-jplayer

Package

Name: jquery-jplayer
Purl: pkg:deb/ubuntu/jquery-jplayer@2.7.1+dfsg-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.1+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.7.1+dfsg-1",
            "binary_name": "libjs-jquery-jplayer"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1942.json"

Ubuntu:18.04:LTS / jquery-jplayer