UBUNTU-CVE-2013-3565

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2013-3565
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-3565.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-3565
Related
Published
2020-01-31T22:15:00Z
Modified
2025-01-13T10:21:04Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.

References

Affected packages

Ubuntu:14.04:LTS / vlc

Package

Name
vlc
Purl
pkg:deb/ubuntu/vlc@2.1.2-2build2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-2build2

Affected versions

2.*

2.0.8-1
2.1.1-1
2.1.2-1
2.1.2-2
2.1.2-2build1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "libvlc-dev"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "libvlc5"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "libvlccore-dev"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "libvlccore7"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-data"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-dbg"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-nox"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-fluidsynth"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-jack"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-notify"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-pulse"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-sdl"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-svg"
        },
        {
            "binary_version": "2.1.2-2build2",
            "binary_name": "vlc-plugin-zvbi"
        }
    ]
}