XSS Vulnerability in jPlayer
Platform: ownCloud Server
Versions: 4.0.14, 4.5.9, 5.0.4,
Risk level: Medium
This vulnerability exists in the bundled 3rdparty plugin “jPlayer”, “jPlayer” released version 2.2.20 which addresses the problem.
- ownCloud Server < 5.0.4 (CVE-2013-1942)
- ownCloud Server < 4.5.9 (CVE-2013-1942)
- ownCloud Server < 4.0.14 (CVE-2013-1942)
It is recommended that all instances are upgraded to ownCloud Server 5.0.4, 4.5.9 or 4.0.14.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Malte Batram – Vulnerability discovery and disclosure.