2 matches found
CVE-2020-7642
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript...
CVE-2020-7642
CVE-2020-7642 affects lazysizes up to version 5.2.0, where the video-embed plugin fails to sanitize attributes data-vimeo, data-vimeoparams, data-youtube, and data-ytparams, enabling injection of malicious JavaScript. The vulnerability is tied to how untrusted payloads can be executed through the...