Package impact
npm / @haxtheweb/video-player
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46396 | high | — | 8.0 | 11d ago | Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46396 | high | — | 8.0 | 11d ago | Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover |