This affects the package video.js prior to 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
videojs video.js |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
fedoraproject fedora 37 |