CVE-2017-6391 Information
Feb 14, 2021
cve
Description
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \admin_console/web/tools/SimpleJWPlayer.php\ URL the \admin_console/web/tools/AkamaiBroadcaster.php\ URL the \admin_console/web/tools/bigRedButton.php\ URL and the \admin_console/web/tools/bigRedButtonPtsPoc.php\ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/96534 https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337 https://github.com/kaltura/server/issues/5300
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: