From 385b250c01403d928d8c2f52749e82e20a45a4b4 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Sat, 15 Jun 2013 16:53:22 +0300
Subject: [PATCH] Added VideoJS XSS in plugins

---
 data/plugin_vulns.xml | 48 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index d2625acd..2195aac4 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -3,6 +3,54 @@
 <vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
+  <plugin name="s3-video">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53437/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
+      <type>XSS</type>
+      <fixed_in>0.98</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="video-embed-thumbnail-generator">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53426/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
+      <type>XSS</type>
+      <fixed_in>4.1</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="1player">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53445/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
+      <type>XSS</type>
+      <fixed_in>1.4</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="external-video-for-everybody">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53396/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
+      <type>XSS</type>
+      <fixed_in>2.1</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="EasySqueezePage">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+  
   <plugin name="crayon-syntax-highlighter">
     <vulnerability>
       <title>Crayon Syntax Highlighter Remote File Inclusion</title>