Skip to content
This repository has been archived by the owner on Dec 10, 2020. It is now read-only.

XSS Vulnerability video-js.swf #142

Closed
ghost opened this issue Mar 17, 2015 · 1 comment
Closed

XSS Vulnerability video-js.swf #142

ghost opened this issue Mar 17, 2015 · 1 comment

Comments

@ghost
Copy link

ghost commented Mar 17, 2015

We detected an XSS vulnerability:

Please try this link using safari or firefox, be sure to replace http://www.domain.com/path/to/ with a running webserver:
http://www.domain.com/path/to/video-js.swf?readyFunction=alert
@mmcc mmcc closed this as completed in 76025fc Mar 17, 2015
heff added a commit that referenced this issue Mar 17, 2015
@heff
Merge pull request #143 from mmcc/xss-fix
98cc1a6 
hard coded callbacks to avoid XSS. Closes #142
@mmcc
Copy link
Member

mmcc commented Mar 18, 2015

Thanks for letting us know! This is fixed in the most recent release, but in the future, please consider contacting us directly about security vulnerabilities so we can have a chance to fix it before going public.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mmcc