PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-6392 Kaltura CVE debrief

CVE-2017-6392 is a cross-site scripting flaw in Kaltura Server Lynx-12.11.0. The issue is caused by insufficient filtering of user-supplied data sent to the admin_console/web/tools/XmlJWPlayer.php endpoint, which lets attacker-controlled HTML or script execute in a victim's browser in the origin of the vulnerable site. NVD rates the issue 6.1 MEDIUM: it is reachable over the network without privileges, but a victim must interact (for example, follow a crafted link) for the payload to run.

Vendor
Kaltura
Product
Kaltura Server
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-03-02
Original CVE updated
2026-05-13
Advisory published
2017-03-02
Advisory updated
2026-05-13

Who should care

Administrators and security teams running Kaltura Server, especially deployments where the admin console or its web tools are reachable by untrusted users, or where administrators can be lured into following crafted links to the affected endpoint (user interaction is required). Web application defenders should also care because the weakness is a classic browser-side injection issue: a successful payload runs with the victim's session and can alter the page the administrator sees.

Technical summary

NVD maps this issue to CWE-79 (improper neutralization of input during web page generation) and describes it as insufficient filtering of user-controlled input in XmlJWPlayer.php. The published CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N: remotely reachable, low attack complexity, no privileges required, user interaction required, and a scope change because the vulnerable component (the server-side PHP endpoint) differs from the impacted component (the victim's browser). Confidentiality and integrity impact are rated low; availability is not affected. The vulnerable CPE coverage in NVD ends at Kaltura Server lynx-12.11.0. A vendor patch is referenced in the linked GitHub commit and related issue.
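To make the CWE-79 pattern concrete, the following is an added illustration written for this debrief; it is not the Kaltura code and does not reproduce XmlJWPlayer.php (the endpoint is PHP, the illustration is Python). It shows a user-controlled value concatenated into HTML text, an attribute, and a script block with no encoding, beside a hardened renderer that encodes per output context. The parameter name xml_url and the template are assumptions.

```python
"""Context-aware output encoding for a user-controlled parameter.

Added illustration of the CWE-79 pattern, NOT Kaltura's code and not a
reproduction of XmlJWPlayer.php. The parameter name `xml_url` and the
surrounding HTML template are assumptions for the example.
"""
import html
import json
from urllib.parse import urlsplit


def render_unsafe(xml_url: str) -> str:
    # Vulnerable pattern: the raw value is concatenated into three different
    # output contexts (attribute, element text, JS string) with no encoding.
    return f'<a href="{xml_url}">{xml_url}</a><script>var u = "{xml_url}";</script>'


def encode_html_text(value: str) -> str:
    # Element text context: & < > must be encoded; quote=True also covers " and '.
    return html.escape(value, quote=True)


def encode_html_attr(value: str) -> str:
    # Attribute context: the same escaping is only sufficient when the template
    # always wraps the attribute value in quotes, which render_safe does.
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    # JS string context: JSON-encode, then neutralise "</" so data containing
    # </script> cannot terminate the enclosing script element.
    return json.dumps(value).replace("</", "<\\/")


def safe_url(value: str) -> str:
    # URL context: encoding alone does not help because "javascript:" is a
    # valid attribute value. Allow only http(s) with a host; otherwise use "#".
    parts = urlsplit(value.strip())
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return value.strip()
    return "#"


def render_safe(xml_url: str) -> str:
    # Hardened pattern: each context gets its own encoder.
    href = encode_html_attr(safe_url(xml_url))
    text = encode_html_text(xml_url)
    js = encode_js_string(xml_url)
    return f'<a href="{href}">{text}</a><script>var u = {js};</script>'


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'
    print("unsafe:", render_unsafe(payload))
    print("safe:  ", render_safe(payload))
```

The point of the three encoders is that a single filter applied on input (what the NVD text calls filtration) cannot be correct for every context the value lands in; the URL case in particular is a validation decision, not an escaping one.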

Defensive priority

Medium. The vulnerability is remotely reachable and can hijack or manipulate an administrator's browser session, but it requires user interaction and is not rated as impacting availability. Prioritize remediation if the admin console or affected tool is reachable by untrusted users, or if administrators routinely handle sensitive workflows in the console while logged in.

Recommended defensive actions

  • Upgrade or remediate Kaltura Server beyond lynx-12.11.0, using the vendor-linked patch as the primary reference.
  • Review XmlJWPlayer.php and adjacent request-handling code for proper input validation, output encoding, and context-appropriate escaping.
  • Restrict access to the admin console and related tools to trusted administrative users and networks while remediation is in progress.
  • Verify that compensating controls are in place to reduce XSS impact: a Content Security Policy that disallows inline script, HttpOnly and Secure flags on session cookies, and server-side output encoding appropriate to each HTML, attribute, script, and URL context.
  • Check for signs of stored or reflected XSS abuse in logs, especially requests targeting admin_console/web/tools/XmlJWPlayer.php.
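For the last item, the following is an added example of what a log check could look like; it is not part of the NVD record or the Kaltura project. It parses Apache/nginx combined-format access log lines (the sample lines are constructed), keeps only requests whose path ends in admin_console/web/tools/XmlJWPlayer.php, URL-decodes every query parameter repeatedly so double-encoded payloads are not missed, and flags values that match a small, assumed set of XSS indicators. The parameter name url in the samples is made up; the page does not name the vulnerable parameter.

```python
"""Flag access-log requests to the affected endpoint that carry XSS-like payloads.

Added example for this debrief, not a vendor signature. The log lines are
constructed in combined log format and the parameter name `url` is invented;
the indicator list is an assumption and will not catch every encoding trick.
"""
import re
from urllib.parse import unquote, urlsplit, parse_qsl

TARGET_PATH = "/admin_console/web/tools/xmljwplayer.php"  # compared case-insensitively

# client, identity, user, [timestamp], "METHOD target PROTO", status, bytes, "referer", "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Evaluated on fully decoded parameter values (assumed indicator set).
XSS_INDICATORS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b[^>]*\bon\w+\s*=", re.I),
    re.compile(r"\bon(error|load|mouseover|focus)\s*=", re.I),
]


def full_unquote(value: str, rounds: int = 3) -> str:
    # Decode until stable (bounded) so %253C -> %3C -> < is seen as "<".
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target: str) -> list:
    # Returns the names of query parameters on the affected endpoint whose
    # decoded value matches an indicator; [] for other paths or clean requests.
    parts = urlsplit(target)
    if not full_unquote(parts.path).lower().endswith(TARGET_PATH):
        return []
    hits = []
    # parse_qsl already decodes one layer; full_unquote handles the rest.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = full_unquote(raw)
        if any(p.search(value) for p in XSS_INDICATORS):
            hits.append(name)
    return hits


def scan(lines) -> list:
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # skip lines that are not in combined format
            continue
        params = suspicious_params(m["target"])
        if params:
            findings.append({"ip": m["ip"], "ts": m["ts"],
                             "status": m["status"], "params": params})
    return findings


# Constructed sample log lines; the parameter name "url" is invented.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Mar/2017:10:15:01 +0000] "GET /admin_console/web/tools/XmlJWPlayer.php?url=http://media.example.net/play.xml HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2017:10:16:42 +0000] "GET /admin_console/web/tools/XmlJWPlayer.php?url=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2017:10:17:03 +0000] "GET /admin_console/web/tools/XmlJWPlayer.php?url=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Mar/2017:10:18:11 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2017:10:19:27 +0000] "GET /admin_console/web/tools/XmlJWPlayer.php?url=javascript:alert(document.cookie) HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    'garbage line without structure',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Hits on the affected path with a 200 response are worth correlating with the administrator sessions active at that time; the benign playlist URL, the payload aimed at a different path, and the malformed line all produce no finding.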

Evidence notes

The description, CVSS vector, CWE mapping, affected CPE, and references all come from the supplied NVD record. The vendor patch reference and issue reference are included in the source corpus. No exploit code or weaponized reproduction details are included.

Official resources

Published by NVD/CVE on 2017-03-02. The supplied record was last modified on 2026-05-13. Vendor patch and issue references are included in the official CVE metadata.