Candidate: CVE-2013-2022
PublicDate: 2013-08-17 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022
 http://www.openwall.com/lists/oss-security/2013/04/29
 http://www.jplayer.org/2.3.0/release-notes/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in
 actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer
 before 2.2.23 allow remote attackers to inject arbitrary web script or HTML
 via the (1) jQuery or (2) id parameters, a different vulnerability than
 CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert
 function in the jQuery parameter.  NOTE: these are the same parameters as
 CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the
 jQuery parameter.
Ubuntu-Description:
Notes:
 seth-arnold> probably duplicate of CVE-2013-1942
Bugs:
Priority: medium
Discovered-by: Malte Batram
Assigned-to:
CVSS: 

Patches_jplayer:
 upstream: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
upstream_jplayer: released (2.2.20, 2.3.0)
hardy_jplayer: DNE
lucid_jplayer: DNE
oneiric_jplayer: ignored (reached end-of-life)
precise_jplayer: ignored (reached end-of-life)
precise/esm_jplayer: DNE (precise was needed)
quantal_jplayer: ignored (reached end-of-life)
raring_jplayer: ignored (reached end-of-life)
saucy_jplayer: ignored (reached end-of-life)
trusty_jplayer: ignored (reached end-of-life)
trusty/esm_jplayer: DNE (trusty was needed)
utopic_jplayer: ignored (reached end-of-life)
vivid_jplayer: ignored (reached end-of-life)
vivid/stable-phone-overlay_jplayer: DNE
vivid/ubuntu-core_jplayer: DNE
wily_jplayer: ignored (reached end-of-life)
xenial_jplayer: ignored (end of standard support, was needed)
yakkety_jplayer: ignored (reached end-of-life)
zesty_jplayer: ignored (reached end-of-life)
artful_jplayer: ignored (reached end-of-life)
bionic_jplayer: needed
cosmic_jplayer: ignored (reached end-of-life)
disco_jplayer: DNE
eoan_jplayer: DNE
focal_jplayer: DNE
groovy_jplayer: DNE
hirsute_jplayer: DNE
impish_jplayer: DNE
jammy_jplayer: DNE
devel_jplayer: DNE