id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
5528	xss in videojs-swf	shivbihari pandey		"found xss in videojs swf

[https://mediagoblin.org/js/extlib/video-js/video-js.swf?readyFunction=alert]

[https://mediagoblin.org/js/extlib/video-js/video-js.swf?poster=http://www.flash-test.net/relog.swf]

VideoJS does not escape metadata passed to JavaScript via ExternalInterface. "	defect	new	major		programming