WEB APPLICATION VULNERABILITIES Standard & Premium

VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)

Description

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

Remediation

References

Related Vulnerabilities

WordPress Plugin Page Restrict Open Redirect (2.2.3)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)

MySQL CVE-2021-2146 Vulnerability (CVE-2021-2146)

MyBB Improper Access Control Vulnerability (CVE-2016-9415)

Jenkins 7PK - Security Features Vulnerability (CVE-2014-9634)

Severity

Medium

Classification

CVE-2021-23414 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities