Description
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.148)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2133)
WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Security Bypass (2.3.3)