WordPress Videojs HTML5 Player plugin <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Videojs HTML5 Player versions = 1.1.11...

CVE-2024-5205 Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-35105 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player plugin for WordPress versions up to, and including, 1.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's videojs video shortcode. This...

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2022-3985

CVE-2022-3985 affects the Videojs HTML5 Player WordPress plugin prior to 1.1.9. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling a stored Cross-Site Scripting (XSS) attack. Impact can occur with a low-privilege user role (contributor) when a cra...

CVE-2022-3985 Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

PT-2022-25039 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player WordPress plugin versions prior to 1.1.9 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low a...

WordPress plugin Videojs HTML5 Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post videojsvideo...