Candidate: CVE-2014-9743
PublicDate: 2015-08-17 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9743
 http://www.quantumleap.it/vlc-reflected-xss-vulnerability/
 http://seclists.org/fulldisclosure/2014/Mar/324
Description:
 Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in
 network/httpd.c in the web interface in VideoLAN VLC Media Player before
 2.2.0 allows remote attackers to inject arbitrary web script or HTML via
 the path info.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Francesco Perna and Pietro Minniti
Assigned-to:
CVSS:

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b
upstream_vlc: released (2.2.0)
precise_vlc: ignored (reached end-of-life)
precise/esm_vlc: DNE (precise was needed)
trusty_vlc: released (2.1.6-0ubuntu14.04.2)
trusty/esm_vlc: DNE (trusty was released [2.1.6-0ubuntu14.04.2])
vivid_vlc: not-affected (2.2.0-1)
vivid/stable-phone-overlay_vlc: DNE
vivid/ubuntu-core_vlc: DNE
wily_vlc: not-affected (2.2.1-2build1)
xenial_vlc: not-affected (2.2.1-2build1)
yakkety_vlc: not-affected (2.2.1-2build1)
zesty_vlc: not-affected (2.2.1-2build1)
devel_vlc: not-affected (2.2.1-2build1)