VLC Media Player 'src/network/httpd. c' Cross-Site Scripting Vulnerability

VLC Media Player 'src/network/httpd. c' Cross-Site Scripting Vulnerability
VLC Media Player 'src/network/httpd. c' Cross-Site Scripting Vulnerability

Release date:
Updated on:

Affected Systems:

VideoLAN VLC Media Player < 2.2.0

Description:

Bugtraq id: 66307
CVE (CAN) ID: CVE-2014-9743

VLC Media Player is a multimedia Player.

VideoLAN VLC Media Player versions earlier than 2.2.0, network/httpd in the Web interface. the httpd_HtmlError function of c has a cross-site scripting vulnerability, which allows remote attackers to inject Web scripts or HTML through path information.

<* Source: Francesco Perna
Pietro Minniti
*>

Suggestion:

Vendor patch:

VideoLAN
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://git.videolan.org /? P = vlc. git; a = commit; h = fe5063ec5ad1873039ea719eb1f137c8f3bda84b

Install the latest version of VLC2.0.2 on Ubuntu 12.04

How to install VLC 2.2.0 on Ubuntu 14.04

Install VLC on yum in CentOS 6.5

Ubuntu 14.04 tips: display notifications of VLC (VLC media player)

Fedora 22 How do users install VLC media player

For details about VLC media player, click here
VLC media player: click here

This article permanently updates the link address: