CVE-2019-25689
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...
CVE-2026-4083
The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function sfhgshortcode allows arbitrary HTML attributes to be added to the rendered element, with only a...
CVE-2019-25294
html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...
CVE-2025-27005
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through <= 5.3.5...
EUVD-2025-204123
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection. This issue affects tPlayer: from n/a through <= 1.2.1.6...
CVE-2025-53564
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbgradioplayeraddonvisualcomposer allows Reflected XSS. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a...
PT-2025-33924 · Lambertgroup · Lambertgroup Apollo
Name of the Vulnerable Software and Affected Versions: LambertGroup Apollo - Sticky Full Width HTML5 Audio Player versions through 3.4. Description: This issue involves improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) condition...
MAL-2025-6906 Malicious code in @mobile-sdk/videoads-ad-video-player-html5 (npm)
The package communicates with a domain associated with malicious activity.
AZL-64320 CVE-2025-6498 affecting package tidy 5.8.0-6
A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be...
AZL-64323 CVE-2025-6497 affecting package tidy 5.8.0-6
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public an...
DEBIAN-CVE-2025-6496
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 elements. Note: Exploiting...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 noscript element Note: Th...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 elements such as math,...
WordPress HTML5 Video Player plugin <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler vulnerability
Missing Authorization in multiple functions via h5vp_ajax_handler vulnerability discovered by Lucio Sá in WordPress Plugin Flash & HTML5 Video versions <= 2.5.32...
WordPress HTML5 Video Player plugin <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin Flash & HTML5 Video versions <= 2.5.34...
WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Flash & HTML5 Video versions <= 2.5.30...
CVE-2024-6148
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5...
WordPress HTML5 Audio Player plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin Html5 Audio Player versions <= 2.2.19...
PT-2024-16405 · Unknown · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player version 2.5.25 Description: The issue is an unauthenticated SQL injection vulnerability. It affects the id parameter in the get view function. Recommendations: For version 2.5.25, update to version 2.5.25 or later to resolv...