Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Feb 2013 00:23:59 +0200
From: Henri Salo <>
Subject: CVE request: WordPress plugin smart-flv jwplayer.swf XSS

Hello list,

With wpscan-team I noticed that file jwplayer.swf in WordPress plugin smart-flv
is vulnerable to reflected XSS vulnerability.


With user interaction (clicking the page):
No interaction:

WordPress guys could you report this to the developer since I don't know his/her
email address, thanks? Could you also tell me if there is a way to contact
plugin developers directly, thank you. Please include CVE to changelog if

Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.