aFarkas/lazysizes on GitHub
High performance and SEO friendly lazy loader for images (responsive and normal), iframes and more, that detects any visibility changes triggered through user interaction, CSS or JavaScript without configuration.
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2020-7642 | 5.4 MEDIUM | 3.5 LOW | |
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript. |