12 matches found
Cross-site Scripting (XSS)
org.opencastproject:opencast-common is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unfiltered rendering of user-supplied metadata in the paella player, which allows an attacker with write access to inject malicious HTML or JavaScript that executes in viewers’ browsers...
EUVD-2025-76072
Malicious code in paella-notthedevs npm...
Malicious code in paella-notthedevs (npm)
Source: amazon-inspector cb8e46c875ced78d5fd42388fe79d3d5c2dced0e7d0a8cea1ca25e01ced3a8ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-61788
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user-input metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting
Prior to Opencast 17.8 and 18.2, the paella would include and render some user-input metadata like title, description, etc. unfiltered and unmodified. Impact: The vulnerability allows attackers to inject malicious HTML and JavaScript in the player, which would then be executed in the browsers ...
GHSA-M2VG-RMQ6-P62R Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting
Prior to Opencast 17.8 and 18.2, the paella would include and render some user-input metadata like title, description, etc. unfiltered and unmodified. Impact: The vulnerability allows attackers to inject malicious HTML and JavaScript in the player, which would then be executed in the browsers ...
CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user-input metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
CVE-2025-61788
Opencast Paella Player 7 is vulnerable to cross-site scripting prior to versions 17.8 and 18.2. The issue stems from unfiltered user-supplied metadata being rendered in the player, enabling injection of HTML/JavaScript that executes in viewers’ browsers. Exploitation requires write access to the ...
CVE-2025-61788 Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user-input metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
PT-2025-41331
🟠 Opencast Paella Player, Cross-Site Scripting, CVE-2025-45404 Moderate https://t.co/mRBu2O3aax...
CVE-2022-41965 Opencast Authenticated OpenRedirect Vulnerability
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to...
PT-2022-26189 · Opencast · Opencast
Name of the Vulnerable Software and Affected Versions: Opencast versions prior to 12.5 Description: The vulnerability in Opencast's Paella authentication page allows attackers to redirect authenticated users to arbitrary URLs, potentially facilitating phishing attacks or other security issues. Th...