13 matches found
EUVD-2021-1823
Malware in sbrugna...
EUVD-2017-14491
Malware in sbrugna...
GHSA-PP7M-6J83-M7R6 Cross-site Scripting in video.js
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
Cross-site Scripting(XSS)
videojs is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via rc attribute of track tag...
CVE-2021-23414 Cross-site Scripting (XSS)
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
CVE-2021-23414
CVE-2021-23414 affects video.js prior to 7.14.3, where the src attribute of the track tag bypasses HTML escaping, enabling arbitrary code execution in contexts that use compromised Video.js. The Nessus entries tie Moodle installations (and other apps) to this CVE via Video.js; Fedora advisories m...
PT-2021-15503 · Video.Js +1 · Video.Js +1
Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...
Cross-site Scripting (XSS)
Overview video.js is a web video player built from the ground up for an HTML5 world. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. PoC by Snyk js The PoC triggers browser to...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
Double free
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
CVE-2017-14627
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the 1 author inside the INFORMATION tag, 2 name inside the INFORMATION tag, 3 artist inside the TRACK tag, or 4 default inside the TEXT tag parameter in an lpp project file...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...