kaltura / mwEmbed

Kaltura's Cross Platform Video Player ToolKit
http://player.kaltura.com
GNU Affero General Public License v3.0

Add to playlist has cross-site scripting vulnerability #4311

Open daplusharma121 opened 1 year ago

daplusharma121 commented 1 year ago

The Add to playlist feature has a cross-site scripting vulnerability.

Steps to reproduce:

  1. Open a video and click on add to playlist.
  2. Create a new playlist with an XSS payload.
  3. Click on add.
  4. The payload gets executed. (`test0122<img src=1 onerror=alert(3)`)
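
The class of bug reported above, shown as an added example that is not code from mwEmbed or from the reporter: a playlist name concatenated into markup next to the same render with output encoding. The issue does not show how the player renders the name, so the `<li>` template and all function names here are hypothetical; only the sample name is taken from the report.

```javascript
// Added example. The template and function names are assumptions, not mwEmbed code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Playlist name quoted in the issue's reproduction steps.
const REPORTED_NAME = 'test0122<img src=1 onerror=alert(3)';

// Encode the characters that can change HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user-chosen name becomes part of the markup itself.
function renderPlaylistItemUnsafe(name) {
  return '<li class="playlist-item" title="' + name + '">' + name + '</li>';
}

// Hardened pattern: the name is encoded at output time in both places it appears.
function renderPlaylistItemSafe(name) {
  const safe = escapeHtml(name);
  return '<li class="playlist-item" title="' + safe + '">' + safe + '</li>';
}

// Count tag openers ("<" followed by a letter or "/") in rendered markup.
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

// Regression check: a name must never change how many tags the template emits.
function introducesMarkup(render, name) {
  return countTagOpeners(render(name)) !== countTagOpeners(render('baseline'));
}

console.log('unsafe render adds markup:', introducesMarkup(renderPlaylistItemUnsafe, REPORTED_NAME));
console.log('safe render adds markup:  ', introducesMarkup(renderPlaylistItemSafe, REPORTED_NAME));
console.log(renderPlaylistItemSafe(REPORTED_NAME));
```

In browser code, assigning the name through `textContent` or `setAttribute` avoids string-built markup altogether; the encoder is for cases where an HTML string must be produced.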