Cross-site Scripting in video.js
Moderate severity
GitHub Reviewed
Published
Aug 10, 2021
•
Updated Aug 31, 2021
Affected versions
< 7.14.3
This affects the package video.js before 7.14.3.
The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
References
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
This affects the package video.js before 7.14.3.
The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
References