This affects the package video.js before 7.14.3. The src attribute of the track tag can be used to bypass HTML escaping and execute arbitrary code.
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2021-07-28 08:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-23414
Mitre link : CVE-2021-23414
CVE.ORG link : CVE-2021-23414
Products Affected
fedoraproject
- fedora
videojs
- video.js
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')