{"id":"CVE-2017-6391","details":"An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtering of user-supplied data passed to the \"admin_console/web/tools/SimpleJWPlayer.php\" URL, the \"admin_console/web/tools/AkamaiBroadcaster.php\" URL, the \"admin_console/web/tools/bigRedButton.php\" URL, and the \"admin_console/web/tools/bigRedButtonPtsPoc.php\" URL. An attacker could execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website (cross-site scripting, XSS).","modified":"2025-11-14T05:24:20.845341Z","published":"2017-03-02T06:59:00.340Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/96534"},{"type":"FIX","url":"https://github.com/kaltura/server/issues/5300"},{"type":"FIX","url":"https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kaltura/server","events":[{"introduced":"0"},{"fixed":"041a6d5e8336f7713985b120139c8f4b6279a337"}]}],"versions":["IX-9.0.0-rel","IX-9.11.0-rel","IX-9.12.0-rel","IX-9.13.0-rel","IX-9.14.0-rel","IX-9.15.0-rel","IX-9.16.0-rel","IX-9.17.0-rel","IX-9.18.0-rel","IX-9.19.0-part2-rel","IX-9.19.0-rel","IX-9.19.1-rel","IX-9.19.2-rel","IX-9.19.3-rel","IX-9.19.4-rel","IX-9.19.5-rel","IX-9.19.6-rel","IX-9.19.7-rel","IX-9.19.8-rel","IX-9.3.0-rel","IX-9.5.0-rel","IX-9.6.0-rel","IX-9.8.0-rel","IX-9.9.0-rel","Jupiter-10.0.0-rel","Jupiter-10.1.0-rel","Jupiter-10.10.0-rel","Jupiter-10.11.0-rel","Jupiter-10.12.0-rel","Jupiter-10.13.0-rel","Jupiter-10.14.0-rel","Jupiter-10.15.0-rel","Jupiter-10.16.0-rel","Jupiter-10.17.0-rel","Jupiter-10.18.0-rel","Jupiter-10.19.0-rel","Jupiter-10.2.0-rel","Jupiter-10.20.0-rel","Jupiter-10.21.0-rel","Jupiter-10.3.0-rel","Jupiter-10.4.0-rel","Jupiter-10.5.0-rel","Jupiter-10.6.0-rel","Jupiter-10.7.0-rel","Jupiter-10.8.0-rel","Jupiter-10.9.0-rel","Kajam-11.0.0-rel","Kajam-11.10.0-rel","Kajam-11.11.0-rel","Kajam-11.12.0-rel","Kajam-11.13.0-rel","Kajam-11.14
.0-rel","Kajam-11.15.0-rel","Kajam-11.16.0-rel","Kajam-11.17.0-rel","Kajam-11.18.0-rel","Kajam-11.19.0-rel","Kajam-11.2.0-rel","Kajam-11.20.0-rel","Kajam-11.21.0-rel","Kajam-11.3.0-rel","Kajam-11.4.0-rel","Kajam-11.5.0-rel","Kajam-11.6.0-rel","Kajam-11.7.0-rel","Kajam-11.8.0-rel","Kajam-11.9.0-rel","Lynx-12.0.0-rel","Lynx-12.1.0-rel","Lynx-12.10.0-rel","Lynx-12.11.0-rel","Lynx-12.2.0-rel","Lynx-12.3.0-rel","Lynx-12.4.0-rel","Lynx-12.5.0-rel","Lynx-12.6.0-rel","Lynx-12.7.0-rel","Lynx-12.8.0-rel","Lynx-12.9.0-rel","kajam-11.1.0-rel"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6391.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}