Flash & HTML5 Video

Authenticated (Contributor+) DOMBased Stored CrossSite Scripting via heading Parameter vulnerability <= 2.5.35

Missing Authorization in multiple functions via h5vp_ajax_handler vulnerability <= 2.5.32

Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability <= 2.5.34

Sensitive Data Exposure vulnerability <= 2.5.31

Broken Access Control vulnerability <= 2.5.30