mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
809 B
809 B
CVE-2021-23414
&color=brightgreen)
Description
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
POC
Reference
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587
- https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429