Lucene search
GoogleOSV:GHSA-PP7M-6J83-M7R6HistoryAug 10, 2021 - 4:09 p.m.
Cross-site Scripting in video.js
2021-08-1016:09:36
Google
osv.dev
12
video.js
cross-site scripting
html escaping
arbitrary code
EPSS
0.004
Percentile
72.3%
This affects the package video.js before 7.14.3.
The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
References
github.com/videojs/video.js
github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2
lists.fedoraproject.org/archives/list/[email protected]/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2
lists.fedoraproject.org/archives/list/[email protected]/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV
lists.fedoraproject.org/archives/list/[email protected]/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB
nvd.nist.gov/vuln/detail/CVE-2021-23414
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587
snyk.io/vuln/SNYK-JS-VIDEOJS-1533429
Related
cvelist
cvelist
CVE-2021-23414 Cross-site Scripting (XSS)
2021-07-28 07:20:11
prion
prion
Hardcoded credentials
2021-07-28 08:15:00
nessus
nessus
Moodle 3.9.x < 3.9.18 Cross-Site Scripting
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.11 Cross-Site Scripting
2023-02-20 00:00:00
Fedora 36 : moodle (2022-f7fdcb1820)
2022-12-23 00:00:00
osv
osv
CVE-2021-23414
2021-07-28 08:15:07
github
github
Cross-site Scripting in video.js
2021-08-10 16:09:36
nodejs
nodejs
Cross-Site Scripting (XSS)
2021-08-10 16:10:32
openvas
openvas
Moodle < 3.9.18, 3.11.x < 3.11.11 XSS Vulnerability (MSA-22-0028)
2022-11-29 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2022-f7fdcb1820)
2022-12-07 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2022-74a9c8e95f)
2022-12-07 00:00:00
nvd
nvd
CVE-2021-23414
2021-07-28 08:15:07
veracode
veracode
Cross-site Scripting(XSS)
2021-07-29 04:39:10
cve
cve
CVE-2021-23414
2021-07-28 08:15:07
fedora
fedora
[SECURITY] Fedora 35 Update: moodle-3.11.11-1.fc35
2022-12-07 01:43:11
[SECURITY] Fedora 36 Update: moodle-3.11.11-1.fc36
2022-12-07 01:43:20
[SECURITY] Fedora 37 Update: moodle-4.1-1.fc37
2022-12-07 01:37:00
thn
thn
Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
2022-01-10 14:35:00
threatpost
threatpost
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
2022-01-10 17:55:00