EUVD-2025-28559

Malicious code in bioql PyPI...

CVE-2024-5205 Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-35105 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player plugin for WordPress versions up to, and including, 1.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's videojs video shortcode. This...

WordPress Videojs HTML5 Player Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Videojs HTML5 Player Type Plugin Vulnerable versions = 1.1.11 Fixed in 1.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5205 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9eab4c8d8c5e Credits Krzysztof Zając...

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2022-3985

CVE-2022-3985 affects the Videojs HTML5 Player WordPress plugin prior to 1.1.9. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling a stored Cross-Site Scripting (XSS) attack. Impact can occur with a low-privilege user role (contributor) when a cra...

CVE-2022-3985 Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2022-3985 Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

PT-2022-25039 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player WordPress plugin versions prior to 1.1.9 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low a...

WordPress plugin Videojs HTML5 Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put the following shortcode in a page/post videojsvideo url=...

Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post videojsvideo...

WordPress Videojs HTML5 Player plugin <= 1.1.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Videojs HTML5 Player plugin versions = 1.1.8. Solution Update the WordPress Videojs HTML5 Player plugin to the latest available version at least 1.1.9...

TechSmith Camtasia 7 / 8 Cross Site Scripting

Title: Reflected XSS in Flash files of TechSmith Camtasia 8 & 7 Author: Soroush Dalili @irsdl Affected Software: TechSmith Camtasia v8.4.4 latest 8.x & v7.1.1 latest 7.x Vendor URL: http://www.techsmith.com/camtasia-version-history.html Vendor Status: vulnerable CVE-ID: - Camtasia 8 v8.4.4 latest...

CVE-2014-9177

The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php...