CVE-2017-6392 is a cross-site scripting (XSS) flaw in Kaltura Server Lynx-12.11.0. The issue is caused by insufficient filtering of user-supplied data sent to the admin_console/web/tools/XmlJWPlayer.php endpoint, which allows injected HTML or script to run in a browser in the context of the vulnerable site. NVD rates the issue 6.1 MEDIUM, with a network attack vector and user interaction required.
CVE-2017-6391 is a cross-site scripting (XSS) vulnerability in Kaltura Server Lynx-12.11.0. The issue affects multiple admin_console web tool URLs and can let attacker-controlled HTML or script execute in a browser in the context of the vulnerable Kaltura website. Because exploitation requires user interaction and can affect authenticated admin workflows, it should be treated as a meaningful web applicati [truncated]