CVE

CVE-2021-23414

CVE-2021-23414

This affects the package video.js before 7.14.3.
The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

Source: CVE-2021-23414

Exit mobile version