videojs/video.js
Releases533
Frequency1 week 3 days
Last Release
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| <= 4.5.0 | 5.4 MEDIUM | — | ||
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| < 7.14.3 | 6.5 MEDIUM | 4.3 MEDIUM | ||
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. | ||||