CVE-2018-0642

Description

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

• foliovision / FV Flowplayer Video Player6.1.2 to 6.6.4 – 6.1.2 to 6.6.4

References

• MISChttps://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
• MISChttp://jvn.jp/en/jp/JVN70246549/index.html