org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

EUVD-2022-43314

Malicious code in bioql PyPI...

MAL-2025-38364 Malicious code in videojs-ffxnz-overlay (npm)

The package videojs-ffxnz-overlay was found to contain malicious code...

Malicious code in videojs-ffxnz-overlay (npm)

The package videojs-ffxnz-overlay was found to contain malicious code...

Malicious code in media_videojs (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9e2d4c098696f8d6f785f1e8a2674e14ce4fba193940fd5ed1fbe6eb8f1e266 Any computer that has this package installed or running should be considered...

CVE-2024-5205

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

PT-2025-7747 · Unknown · Video.Js Hls Player

Name of the Vulnerable Software and Affected Versions: Video.js HLS Player versions 1.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a DOM-Based XSS...

Malicious code in videojs-sneakpeek (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50ede982076cae3541cce714f8770049de3c4cea94a0049eb7ed6e2273852255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9203 Malicious code in videojs-sneakpeek (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50ede982076cae3541cce714f8770049de3c4cea94a0049eb7ed6e2273852255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview videojs-sneakpeek is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between tha...

WordPress Videojs HTML5 Player plugin <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Videojs HTML5 Player versions = 1.1.11...

CVE-2024-5205

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5205 Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-35105 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player plugin for WordPress versions up to, and including, 1.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's videojs video shortcode. This...

WordPress Videojs HTML5 Player Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Videojs HTML5 Player Type Plugin Vulnerable versions = 1.1.11 Fixed in 1.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5205 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9eab4c8d8c5e Credits Krzysztof Zając...

Videojs HTML5 Player < 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode

Description The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

GHSA-JQ9Q-6P42-QPR7 Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...