VideoJS – Cross-Site Scripting (XSS)

Affects Plugins

video-embed-thumbnail-generator

Fixed in 4.1

1player

Fixed in 1.4

external-video-for-everybody

Fixed in 2.1

EasySqueezePage

No known fix

References

URL

https://seclists.org/fulldisclosure/2013/May/66

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

be165b4b-cddb-46ec-8863-4d44e4d53045

Timeline

Publicly Published

2014-08-01 (about 9 years ago)

Added

2014-08-01 (about 9 years ago)

Last Updated

2019-10-21 (about 4 years ago)

Other

Published

Title

Published

2023-02-13

Title

Twitch Player < 2.1.1 - Admin+ Stored XSS

Published

2021-01-06

Title

Elementor < 3.0.14 - SVG Upload Allowed by Default

Published

2014-08-01

Title

Smart Start - VideoJS Cross-Site Scripting

Published

2023-11-13

Title

WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Published

2019-01-07

Title

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)