Paella player in opencast 5.x is vulnerable to script injection

Description

Paella player is vulnerable to script injection, making it possible e.g. to craft a title which causes an index rebuild or adds new users if the right people watch that video.

It is fixed in Opencast 6.0 (paella 6.0), but Opencast 5 (paella 5.2) is still vulnerable.

Fixed and reviewed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Unassigned

Reporter

Miguel Escriva