CVE-2022-32271

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.

Related Vulnerabilities

CVE-2011-3642

CRITICAL
CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web scr...

CWE-792011

CVE-2014-5039

CRITICAL
CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-792014

CVE-2015-10073

CRITICAL
CVSS:9.6(Critical)

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Proper...

CWE-792015

CVE-2015-20105

CRITICAL
CVSS:9.6(Critical)

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due t...

CWE-792015

CVE-2018-18864

CRITICAL
CVSS:9.6(Critical)

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

CWE-792018

CVE-2019-13363

CRITICAL
CVSS:9.6(Critical)

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail&...

CWE-792019