Homepage
About Snyk

video.js@7.11.0 vulnerabilities

An HTML5 video player that supports HLS and DASH with a common API and skin.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the video.js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

video.js is a web video player built from the ground up for an HTML5 world.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

How to fix Cross-site Scripting (XSS)?

Upgrade video.js to version 7.14.3 or higher.

<7.14.3
Go back to all versions of this package