CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

CVE-2026-6427

The WordPress plugin a3 Lazy Load (versions ≤ 2.7.6) is vulnerable to Stored XSS via crafted markup. A regex bug in _filter_videos() misquotes HTML attributes and, with unescaped output in admin/views/form-data.php, allows an authenticated Contributor to inject a script that executes in any view...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

EUVD-2014-1601

Malware in sbrugna...

EUVD-2009-1698

Malware in sbrugna...

EUVD-2011-3051

Malware in sbrugna...

EUVD-2011-3624

Malware in sbrugna...

SUSE CVE-2009-1703

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within 1 audio and 2 video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...

SUSE CVE-2011-2618

Opera before 11.50 allows remote attackers to cause a denial of service application crash via web script that moves a 1 AUDIO element or 2 VIDEO element between windows...

SUSE CVE-2011-3665

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling...

SUSE CVE-2015-3417

Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

Design/Logic Flaw

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

Mozilla Firefox and Firefox ESR HTMLVideoElement Interface Memory Error Vulnerability

Mozilla Firefox is an open source web browser. A memory error vulnerability exists in the Mozilla Firefox HTMLVideoElement interface, which allows remote attackers to modify the JavaScript code of the media element URI form to crash the application or execute arbitrary code...

Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

UBUNTU-CVE-2015-4509

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

Design/Logic Flaw

Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...