Known Security Vulnerabilities in Web Libraries
Updated: September 15, 2014
If you know of a web library with a vulnerability that we have listed, please contact us.
Flowplayer Flash
Flowplayer Flash 3.2.17 fixed a "cross-site scripting (XSS) vulnerability" in the library.
jPlayer
jPlayer 2.3.2 fixed a "Flash SWF security vulnerability that enabled XSS (Cross Site Scripting)" in the library.
jQuery
jQuery 1.6.3 fixed an "XSS attack vector" in the library.
Open Flash Charts 2
Versions of Open Flash Charts prior to Open Flash Charts 2 - Community version 0.24 contained a file upload vulnerability.
phpCAS
"All phpCAS versions before 1.3.2 have multiple security issues".
Plupload
Plupload 1.5.5 fixed a "cross-site scripting vulnerability" in the library.
SWFUpload
The current version of SWFUpload, 2.2.0.1, contains a cross-site scripting (XSS) vulnerability. A patched version is available from the WordPress Developers.
TinyMCE - spellchecker
TinyMCE - spellchecker 2.0.6.1 "includes an important security upgrade where it's possible to use the Google spellchecker logic to make requests to remote servers".
Video.js
Video.js versions prior to 3.0.2 and 4.0 are vulnerable to cross-site scripting (XSS).
ZeroClipboard
ZeroClipboard 1.3.2 "fixed a reported security vulnerability that allowed for XSS attacks" in the library.