mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 22:35:37 +02:00
0xMarcio
765 B
765 B
CVE-2021-23414
&color=brighgreen)
Description
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
POC
Reference
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587
- https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429