VLC Web Interface XML Services XSS

medium Nessus Plugin ID 69018

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

The VLC media player installation on the remote host is affected by a cross-site scripting vulnerability because it fails to sanitize input passed via XML services in the web interface.

Note that the installation is likely to be affected by additional vulnerabilities as well, although Nessus has not tested for these issues.

Solution

Upgrade to VLC 2.0.7 or later.

See Also

http://www.videolan.org/vlc/releases/2.0.7.html

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-007/?fid=3876&dl=1

http://www.nessus.org/u?6f33883d

Plugin Details

Severity: Medium

ID: 69018

File Name: vlc_web_xml_services_xss.nasl

Version: 1.5

Type: remote

Published: 7/23/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Required KB Items: www/VLC/installed

Exploit Ease: No exploit is required

Patch Publication Date: 5/26/2013

Vulnerability Publication Date: 6/10/2013

Reference Information

CVE: CVE-2013-3564

BID: 60705

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990