CVE-2013-1967 Information

Description

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Reference

http://owncloud.org/about/security/advisories/oC-SA-2013-017 http://seclists.org/oss-sec/2013/q2/111 http://seclists.org/oss-sec/2013/q2/133 http://secunia.com/advisories/53079 https://bugzilla.redhat.com/show_bug.cgi?id=955307 https://exchange.xforce.ibmcloud.com/vulnerabilities/83647 https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd https://github.com/johndyer/mediaelement/tree/2.11.1