3 matches found
CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
CVE-2025-61788
Opencast Paella Player 7 is vulnerable to cross-site scripting prior to versions 17.8 and 18.2. The issue stems from unfiltered user-supplied metadata being rendered in the player, enabling injection of HTML/JavaScript that executes in viewers’ browsers. Exploitation requires write access to the ...
PT-2025-41331
🟠 Opencast Paella Player, Cross-Site Scripting, CVE-2025-45404 Moderate https://t.co/mRBu2O3aax...