Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.

Related bugs and status

CVE-2013-3565 (Candidate) is related to these bugs:

Bug #1186780: Please update VLC (for security issues)

		In	Importance	Status
1186780	Please update VLC (for security issues)	vlc (Ubuntu)	Undecided	Fix Released
1186780	Please update VLC (for security issues)	vlc (Ubuntu Precise)	Undecided	Fix Released
1186780	Please update VLC (for security issues)	vlc (Ubuntu Quantal)	Undecided	Fix Released
1186780	Please update VLC (for security issues)	vlc (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://git.videolan.or...
MISC: http://lists.opensuse....
MISC: http://www.videolan.or...
MISC: https://www3.trustwave...