We're updating the issue view to help you get more done. 

Paella player in opencast 5.x is vulnerable to script injection

Description

Paella player is vulnerable to script injection, making it possible e.g. to craft a title which causes an index rebuild or adds new users if the right people watch that video.

It is fixed in Opencast 6.0 (paella 6.0), but Opencast 5 (paella 5.2) is still vulnerable.

Steps to reproduce

None

Status

Assignee

Unassigned

Reporter

Miguel Escriva

Criticality

None

Tags (folksonomy)

None

Components

Affects versions

5.2

Priority

Major