5 matches found
Cross-site Scripting (XSS)
org.opencastproject:opencast-common is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unfiltered rendering of user-supplied metadata in the paella player, which allows an attacker with write access to inject malicious HTML or JavaScript that executes in viewers’ browsers...
CVE-2025-61788
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting
Prior to Opencast 17.8 and 18.2 the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. Impact The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers ...
GHSA-M2VG-RMQ6-P62R Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting
Prior to Opencast 17.8 and 18.2 the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. Impact The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers ...
PT-2025-41331
🟠 Opencast Paella Player, Cross-Site Scripting, CVE-2025-45404 Moderate https://t.co/mRBu2O3aax...