CVE-2017-6391

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6391
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6391.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6391
Published
2017-03-02T06:59:00Z
Modified
2025-01-08T10:30:03.281359Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php" URL, and the "adminconsole/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected packages

Git / github.com/kaltura/server

Affected ranges

Type
GIT
Repo
https://github.com/kaltura/server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

IX-9.*

IX-9.0.0-rel
IX-9.11.0-rel
IX-9.12.0-rel
IX-9.13.0-rel
IX-9.14.0-rel
IX-9.15.0-rel
IX-9.16.0-rel
IX-9.17.0-rel
IX-9.18.0-rel
IX-9.19.0-part2-rel
IX-9.19.0-rel
IX-9.19.1-rel
IX-9.19.2-rel
IX-9.19.3-rel
IX-9.19.4-rel
IX-9.19.5-rel
IX-9.19.6-rel
IX-9.19.7-rel
IX-9.19.8-rel
IX-9.3.0-rel
IX-9.5.0-rel
IX-9.6.0-rel
IX-9.8.0-rel
IX-9.9.0-rel

Jupiter-10.*

Jupiter-10.0.0-rel
Jupiter-10.1.0-rel
Jupiter-10.10.0-rel
Jupiter-10.11.0-rel
Jupiter-10.12.0-rel
Jupiter-10.13.0-rel
Jupiter-10.14.0-rel
Jupiter-10.15.0-rel
Jupiter-10.16.0-rel
Jupiter-10.17.0-rel
Jupiter-10.18.0-rel
Jupiter-10.19.0-rel
Jupiter-10.2.0-rel
Jupiter-10.20.0-rel
Jupiter-10.21.0-rel
Jupiter-10.3.0-rel
Jupiter-10.4.0-rel
Jupiter-10.5.0-rel
Jupiter-10.6.0-rel
Jupiter-10.7.0-rel
Jupiter-10.8.0-rel
Jupiter-10.9.0-rel

Kajam-11.*

Kajam-11.0.0-rel
Kajam-11.10.0-rel
Kajam-11.11.0-rel
Kajam-11.12.0-rel
Kajam-11.13.0-rel
Kajam-11.14.0-rel
Kajam-11.15.0-rel
Kajam-11.16.0-rel
Kajam-11.17.0-rel
Kajam-11.18.0-rel
Kajam-11.19.0-rel
Kajam-11.2.0-rel
Kajam-11.20.0-rel
Kajam-11.21.0-rel
Kajam-11.3.0-rel
Kajam-11.4.0-rel
Kajam-11.5.0-rel
Kajam-11.6.0-rel
Kajam-11.7.0-rel
Kajam-11.8.0-rel
Kajam-11.9.0-rel

Lynx-12.*

Lynx-12.0.0-rel
Lynx-12.1.0-rel
Lynx-12.10.0-rel
Lynx-12.11.0-rel
Lynx-12.2.0-rel
Lynx-12.3.0-rel
Lynx-12.4.0-rel
Lynx-12.5.0-rel
Lynx-12.6.0-rel
Lynx-12.7.0-rel
Lynx-12.8.0-rel
Lynx-12.9.0-rel

kajam-11.*

kajam-11.1.0-rel