iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt
function of timedtext.php
in the timedtext
controller which allows an attacker to inject and execute arbitrary scripts.
CPE | Name | Operator | Version |
---|---|---|---|
iet-ou/open-media-player | le | 2.1.0 | |
iet-ou/open-media-player | le | 2.1.0 |
github.com/advisories/GHSA-qff9-r3c8-wgm2
github.com/IET-OU/open-media-player/commit/155e6a040694ca18cf9cbc040c7264e2a7697ae7
github.com/IET-OU/open-media-player/commit/3f39f2d68d11895929c04f7b49b97a734ae7cd1f
github.com/IET-OU/open-media-player/issues/93
github.com/IET-OU/open-media-player/releases/tag/1.5.1
iet.eu.teamwork.com/desk/#/tickets/366419
vuldb.com/?ctiid.216862
vuldb.com/?id.216862