videojs/video.js

videojs/video.js

Releases533
Frequency1 week 3 days
Last Release

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
<= 4.5.05.4 MEDIUM

The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

< 7.14.36.5 MEDIUM4.3 MEDIUM

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.