Cross-Site Scripting (XSS)

iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts...