Lucene search
K

29 matches found

OSV
OSV
added 2021/08/10 4:9 p.m.3 views

GHSA-PP7M-6J83-M7R6 Cross-site Scripting in video.js

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5CVSS6.6AI score0.02587EPSS
Exploits1References9
NVD
NVD
added 2021/07/28 8:15 a.m.18 views

CVE-2021-23414

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5CVSS0.02587EPSS
Exploits1References7
Prion
Prion
added 2021/07/28 8:15 a.m.23 views

Hardcoded credentials

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

4.3CVSS8AI score0.02587EPSS
Exploits1References7Affected Software2
CVE
CVE
added 2021/07/28 7:20 a.m.125 views

CVE-2021-23414

CVE-2021-23414 affects video.js prior to 7.14.3, where the src attribute of the track tag bypasses HTML escaping, enabling arbitrary code execution in contexts that use compromised Video.js. The Nessus entries tie Moodle installations (and other apps) to this CVE via Video.js; Fedora advisories m...

6.5CVSS6.8AI score0.02587EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2021/07/28 12:0 a.m.7 views

PT-2021-15503 · Video.Js +1 · Video.Js +1

Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...

9.8CVSS6.7AI score0.02587EPSS
Exploits2References58
CNNVD
CNNVD
added 2021/07/28 12:0 a.m.4 views

video.js 跨站脚本漏洞

video.js is an application. A web video player built for the HTML5 world. A cross-site scripting vulnerability exists in video.js that allows bypassing HTML escaping and executing arbitrary code...

6.5CVSS6AI score0.02587EPSS
Exploits1References11
vulnersOsv
vulnersOsv
added 2021/07/26 2:19 p.m.3 views

@acanto/core (>=0.1.96 <=1.1.7), @acanto/core-orchestrations (>=0.0.59 <=0.2.0) +23 more potentially affected by CVE-2021-23414 via video.js (>=7.10.0 <=7.14.2)

video.js NPM version =7.10.0, =0.1.96, =0.0.59, =0.0.12, =1.24.1-dev.0, =1.1.25, =0.0.1-alpha.0, =1.1.7, =1.3.20, =1.0.14, =0.1.0, =1.0.0, =2.1.3, =2.0.0, =2.6.2 and more Source cves: CVE-2021-23414 Source advisory: SNYK:JS-VIDEOJS-1533429...

6.5CVSS6.5AI score0.02587EPSS
Exploits1
Snyk
Snyk
added 2021/07/26 2:19 p.m.6 views

Cross-site Scripting (XSS)

Overview video.js is a web video player built from the ground up for an HTML5 world. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. PoC by Snyk js The PoC triggers browser to...

6.5CVSS6.6AI score0.02587EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/11/14 9:7 p.m.41 views

PortSwigger Web Security: XSS in IE11 on portswigger.net via Flash

Hello Portswigger Security Team, There is a reflective XSS vulnerability in portswigger.net. The flash file https://portswigger.net/burp/tutorials/video-js/video-js.swf is from an old video.js library version 3.2.0 which is vulnerable to XSS. This XSS will be blocked by CSP instruction object-src...

0.4AI score
Exploits0
Rows per page
Query Builder