CVE-2021-39350

CVE-2021-39350: FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting

Vendor Fv Flowplayer Video Player
Product FV Flowplayer Video Player
Weakness CWE-79 · XSS
Published October 6, 2021
Last update February 14, 2025

CVSS base score

What the vulnerability does

01Description

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.

Key dates

02Disclosure timeline

October 6, 2021 CVE published
February 14, 2025 Record updated