Description
gifplayer is a customizable jQuery plugin to play and stop animated GIFs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/rubentd/gifplayer/security/advisories/GHSA-gr7w-hmch-25g7
Patch x_refsource_misc
https://github.com/rubentd/gifplayer/commit/2966193d4d066e5a6ba09dbdf1e1c7f8238630c8
Various Sources
https://www.drupal.org/sa-contrib-2025-032
Scores
CVSS v4: 6.9
EPSS: 0.0050
EPSS Percentile: 66.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (2)
npm/gifplayer: 0 - 0.3.7 (npm)
rubentd/gifplayer: < 0.3.7
Published: Mar 31, 2025
Tracked Since: Feb 18, 2026