Vimeo: Stored XSS on player.vimeo.com

Description The page loaded for the Vimeo embedded player prints the Name of the owner of the video in Javascript context. Some characters are escaped, like " but others like , and - if the video is public - any Vimeo user can be affected by the Javascript code that is loaded. However, there is a...