There has been some talk about cross scripting vulnerabilities in the JW Player recently. PoodLL since around April has shipped with the JW Player as an option. We added it because the audio/video players we used at the time did not work well with screen readers.
Almost nobody uses the JW Player with PoodLL, so we will be removing it from PoodLL, and site admins should delete the JW Player from existing PoodLL installations. Even if you don’t use it, please delete it.
The JW player is located at [PATH TO MOODLE]/filter/poodll/jwplayer59 . You should delete the entire jwplayer59 folder since we won’t need it anymore.
Note that the JW Player is one of the most common flash audio/video players on the internet and this is not a vulnerability specific to PoodLL, or even to all versions of the JW player. But nobody wants a potential security problem on their site, so lets just remove the JW player and get on with educating. If you have any questions or concerns about it, please contact me directly via the form on the contact page .