Gary Katsevman

1 exploit Active since Jul 2021
CVE-2021-23414 WRITEUP MEDIUM WRITEUP
video.js < 7.14.3 - Cross-Site Scripting via Track Tag Src Attribute
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
CVSS 6.5