Cross-site scripting in jPlayer
Wt is shipping an old version of jPlayer plagued by security issues, the most recent of them CVE-2013-1942
Updated by Pau Garcia i Quiles over 8 years ago
Also, 2.2.0 is not the right version to upgrade to. You need at least 2.2.24, which includes the security fixes. The only way to get that version is GitHub (I've been trying to convince the jPlayer developer to do proper releases for minor versions
tarballs, branches and tags but it's going to take a bit of time)
And the themes from the zip files (2.2.0)
BTW, jPlayer requires jQuery 1.4.2, you are still shipping 1.4.1pre. The differences are probably small but it might be worth keeping an eye on that.