CVE-2021-23414 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of the track tag can be used to bypass HTML escaping and execute arbitrary code.

https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')