An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the βadmin_console/web/tools/SimpleJWPlayer.phpβ URL, the βadmin_console/web/tools/AkamaiBroadcaster.phpβ URL, the βadmin_console/web/tools/bigRedButton.phpβ URL, and the βadmin_console/web/tools/bigRedButtonPtsPoc.phpβ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.