Lucene search
K

837 matches found

Snyk
Snyk
added 2026/05/19 2:44 p.m.8 views

Cross-site Scripting (XSS)

Overview @haxtheweb/video-player is an Automated conversion of video-player/ Affected versions of this package are vulnerable to Cross-site Scripting XSS via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and...

9.3CVSS5.7AI score0.0023EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 2:44 p.m.15 views

HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of the component. The component allows javascript: URIs in the source attribute, which are executed when the page is viewed. This enables attackers to execute arbitrary JavaScript in the context...

9.3CVSS6AI score0.0023EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41978

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of the component. The application fails to validate user-supplied input in the source and source-data attributes, allowing...

9.3CVSS5.3AI score0.0023EPSS
Exploits0References5
NVD
NVD
added 2026/04/12 1:16 p.m.5 views

CVE-2019-25689

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS0.00206EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.4 views

CVE-2019-25689

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS6.7AI score0.00206EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.4 views

CVE-2019-25689 HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS6.7AI score0.00206EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.31 views

CVE-2019-25689 HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS0.00206EPSS
Exploits1References3
CVE
CVE
added 2026/04/12 12:28 p.m.20 views

CVE-2019-25689

CVE-2019-25689 affects HTML5 Video Player version 1.2.5. The vulnerability is a local buffer overflow triggered by an oversized key code string entered into the KEY CODE field in the Help Register dialog, enabling arbitrary code execution and allowing an attacker to spawn a calculator process. Do...

8.6CVSS6.7AI score0.00206EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.9 views

HTML5 Video Player 缓冲区错误漏洞

Html5Videoplayer is a web video playback component implemented using HTML5 technology by Html5Videoplayer Inc. Version 1.2.5 of HTML5 Video Player contains a buffer overflow vulnerability, which stems from insufficient input validation of the KEYCODE field. This vulnerability could lead to a loca...

8.6CVSS6.3AI score0.00206EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.12 views

PT-2026-32159

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS6.7AI score0.00206EPSS
Exploits1References4
NVD
NVD
added 2026/04/06 8:16 p.m.9 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS0.00134EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/03 11:43 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the admin/playerUpdate.json.php process. An attacker can modify the video player appearance across the platform by tricking an...

5.3CVSS5.8AI score0.00134EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.6 views

CVE-2026-30280

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

5.3CVSS6.4AI score0.00147EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/31 9:31 p.m.8 views

EUVD-2026-17593

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

6.4AI score0.00147EPSS
Exploits1References4
NVD
NVD
added 2026/03/31 8:16 p.m.4 views

CVE-2026-30280

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

5.3CVSS0.00147EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Rareprob Video player 安全漏洞

Rareprob Video Player is a mobile video player application developed by the Indian company Rareprob. It supports playback of videos in multiple formats and local media management. Version 1.0.135 of Rareprob Video Player contains a security vulnerability. This vulnerability stems from an issue...

5.3CVSS6.3AI score0.00147EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.27 views

CVE-2026-30280

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

0.00147EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 12:0 a.m.11 views

CVE-2026-30280

CVE-2026-30280 affects the video player product: Rareprob Video Player Play All Videos v1.0.135 from RAREPROB SOLUTIONS PRIVATE LIMITED. The weakness is an arbitrary file overwrite during the file import process, which can lead to arbitrary code execution or information exposure. All connected so...

5.3CVSS6.4AI score0.00147EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.4 views

CVE-2026-30280

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

6.4AI score0.00147EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29329

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

6.4AI score0.00147EPSS
Exploits1References3
Rows per page
Query Builder