{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-23414","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","datePublished":"2021-07-28T07:20:11.321Z","dateUpdated":"2024-09-16T23:46:55.457Z","dateReserved":"2021-01-08T00:00:00.000Z"},"containers":{"cna":{"title":"Cross-site Scripting (XSS)","datePublic":"2021-07-28T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2022-12-07T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code."}],"affected":[{"vendor":"n/a","product":"video.js","versions":[{"version":"unspecified","lessThan":"7.14.3","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588"},{"url":"https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2"},{"name":"FEDORA-2022-f7fdcb1820","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/"},{"name":"FEDORA-2022-cb7084ae1c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/"},{"name":"FEDORA-2022-74a9c8e95f","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/"}],"credits":[{"lang":"en","value":"Snyk Security Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Cross-site Scripting (XSS)"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:05:55.920Z"},"title":"CVE Program Container","references":[{"url":"https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588","tags":["x_transferred"]},{"url":"https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2","tags":["x_transferred"]},{"name":"FEDORA-2022-f7fdcb1820","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/"},{"name":"FEDORA-2022-cb7084ae1c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/"},{"name":"FEDORA-2022-74a9c8e95f","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/"}]}]}}