ownCloud brought this to my intention (they use it, I'm guessing other
people use it as well.

https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d

Please use CVE-2013-1942 for this issue. The only contact info I can
find is hello () happyworm com for upstream.
8 	8 	  *  - http://www.gnu.org/copyleft/gpl.html
9 	9 	  *
10 	10 	  * Author: Mark J Panaghiston
11 	  	- * Version: 2.2.19
12 	  	- * Date: 29th January 2013
  	11 	+ * Version: 2.2.20
  	12 	+ * Date: 21st March 2013
13 	13 	  *
14 	14 	  * FlashVars expected: (AS3 property of: loaderInfo.parameters)
15 	15 	  *  id:   (URL Encoded: String) Id of jPlayer instance
... 	... 	@@ -70,7 +70,7 @@ package {
70 	70 	     private var isVideo:Boolean = false;
71 	71 	 
72 	72 	     private var securityIssue:Boolean = false; // When SWF parameters contain illegal characters
73 	  	-    private var directAccess:Boolean = false; // When SWF visited directly with no parameters
  	73 	+    private var directAccess:Boolean = false; // When SWF visited directly with no parameters (or when security issue detected)
74 	74 	 
75 	75 	     private var txLog:TextField;
76 	76 	     private var debug:Boolean = false; // Set debug to false for release compile!
... 	... 	@@ -233,12 +233,12 @@ package {
233 	233 	         }
234 	234 	         i++;
235 	235 	       }
236 	  	-      if(i === 0) {
  	236 	+      if(i === 0 || securityIssue) {
237 	237 	         directAccess = true;
238 	238 	       }
239 	239 	     }
240 	240 	     private function illegalChar(s:String):Boolean {
241 	  	-      var illegals:String = "' \" ( ) { } * + /";
  	241 	+      var illegals:String = "' \" ( ) { } * + / \\ < > = document";
242 	242 	       if(Boolean(s)) { // Otherwise exception if parameter null.
243 	243 	         for each (var illegal:String in illegals.split(' ')) {
244 	244 	           if(s.indexOf(illegal) >= 0) {