Paella player in opencast 5.x is vulnerable to script injection

Description

Paella player is vulnerable to script injection, making it possible e.g. to craft a title which causes an index rebuild or adds new users if the right people watch that video.

It is fixed in Opencast 6.0 (paella 6.0), but Opencast 5 (paella 5.2) is still vulnerable.

Assignee

Unassigned

Reporter

Miguel Escriva

Tags (folksonomy)

None

Components

Affects versions

Priority

Major
Configure