Cross-site Scripting (XSS)

Overview @haxtheweb/video-player is an Automated conversion of video-player/ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...

Malicious code in epic-web-video-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41136c89076d65b05c642e97a8f22ff9dd61e42848e70ee4203e4ead6041db7 The package epic-web-video-player was found to contain malicious code...

Malicious code in @forge-ui-components/media-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3352739bbbfe79ebecd02fae7c7026cc29a1c947649126c59f096d8cd4bbd02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1088 Malicious code in cs-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31da7e67ba7529d35ed63a33a168372ef7d7310512631390116d0f3707c4601f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in oz-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccd4984750ccb8433c4991e79a495781812915018bdcda89aca6be12fa2928a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Updated flash-player-plugin packages fix security vulnerability

Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. CVE-2020-3757...

Updated flash-player-plugin packages fix security vulnerability

A use after free that leads to arbitrary code execution. CVE-2019-7837...