Package impact
npm / @haxtheweb/video-player
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46496 | medium | — | 5.5 | 11d ago | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46496 | medium | — | 5.5 | 11d ago | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft |