Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mh6m-sbyf-dkag
Vulnerability ID VCID-mh6m-sbyf-dkag
Aliases CVE-2013-3565
Summary Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2013-3565
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-3565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3565
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.51819
EPSS Score 0.00282
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:41:42.880114+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0