Moderate severityNVD Advisory· Published Jul 28, 2021· Updated Sep 16, 2024

Cross-site Scripting (XSS)

CVE-2021-23414

Description

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

LLM-synthesized narrative grounded in this CVE's description and references.

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
video.jsnpm	< 7.14.3	7.14.3

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

No linked articles in our index yet.