EPSS
Percentile
72.3%
videojs is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via rc attribute of track tag.
github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2
github.com/videojs/video.js/pull/7334