29 matches found
GHSA-PP7M-6J83-M7R6 Cross-site Scripting in video.js
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
Hardcoded credentials
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
CVE-2021-23414
CVE-2021-23414 affects video.js prior to 7.14.3, where the src attribute of the track tag bypasses HTML escaping, enabling arbitrary code execution in contexts that use compromised Video.js. The Nessus entries tie Moodle installations (and other apps) to this CVE via Video.js; Fedora advisories m...
PT-2021-15503 · Video.Js +1 · Video.Js +1
Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...
video.js 跨站脚本漏洞
video.js is an application. A web video player built for the HTML5 world. A cross-site scripting vulnerability exists in video.js that allows bypassing HTML escaping and executing arbitrary code...
@acanto/core (>=0.1.96 <=1.1.7), @acanto/core-orchestrations (>=0.0.59 <=0.2.0) +23 more potentially affected by CVE-2021-23414 via video.js (>=7.10.0 <=7.14.2)
video.js NPM version =7.10.0, =0.1.96, =0.0.59, =0.0.12, =1.24.1-dev.0, =1.1.25, =0.0.1-alpha.0, =1.1.7, =1.3.20, =1.0.14, =0.1.0, =1.0.0, =2.1.3, =2.0.0, =2.6.2 and more Source cves: CVE-2021-23414 Source advisory: SNYK:JS-VIDEOJS-1533429...
Cross-site Scripting (XSS)
Overview video.js is a web video player built from the ground up for an HTML5 world. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. PoC by Snyk js The PoC triggers browser to...
PortSwigger Web Security: XSS in IE11 on portswigger.net via Flash
Hello Portswigger Security Team, There is a reflective XSS vulnerability in portswigger.net. The flash file https://portswigger.net/burp/tutorials/video-js/video-js.swf is from an old video.js library version 3.2.0 which is vulnerable to XSS. This XSS will be blocked by CSP instruction object-src...