CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
6.5CVSS
7AI Score
0.004EPSS