VLC Media Player 'src/network/httpd. c' Cross-Site Scripting Vulnerability
VLC Media Player 'src/network/httpd. c' Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
VideoLAN VLC Media Player < 2.2.0
Description:
Bugtraq id: 66307
CVE (CAN) ID: CVE-2014-9743
VLC Media Player is a multimedia Player.
VideoLAN VLC Media Player versions earlier than 2.2.0, network/httpd in the Web interface. the httpd_HtmlError function of c has a cross-site scripting vulnerability, which allows remote attackers to inject Web scripts or HTML through path information.
<* Source: Francesco Perna
Pietro Minniti
*>
Suggestion:
Vendor patch:
VideoLAN
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.videolan.org /? P = vlc. git; a = commit; h = fe5063ec5ad1873039ea719eb1f137c8f3bda84b
Install the latest version of VLC2.0.2 on Ubuntu 12.04
How to install VLC 2.2.0 on Ubuntu 14.04
Install VLC on yum in CentOS 6.5
Ubuntu 14.04 tips: display notifications of VLC (VLC media player)
Fedora 22 How do users install VLC media player
For details about VLC media player, click here
VLC media player: click here
This article permanently updates the link address: