Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
XSS
Jplayer
NVD
GitHub
CVSS 2.0
4.3
EPSS
0.6%
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
Information Disclosure
Pip
Fedora
NVD
GitHub
CVSS 2.0
2.1
EPSS
0.1%