MidnightBSD

Advisories for videojs

CVE-2021-23414 MEDIUM

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 37
fedoraproject fedora 36
videojs video.js *