CVE-2022-25613

State: PUBLISHED · Published: 2022-04-04 · Updated: 2025-02-20 · Assigner: Patchstack

Description

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

FolioVision / FV Flowplayer Video Player (WordPress plugin) — v=<= 7.5.18.727 ≤7.5.18.727 [affected]

CVSS

3.1 score=4.1 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

References

https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-18-727-authenticated-persistent-cross-site-scripting-xss-vulnerability x_refsource_CONFIRM

Source

cvelistV5-main/cves/2022/25xxx/CVE-2022-25613.json