2021-07-28 07:20:11
snyk
PUBLISHED
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.