starcitizenwiki/embedvideo
php · starcitizenwiki/embedvideoCritical
starcitizenwiki/embedvideo: stored XSS via unsanitized service name
A stored XSS vulnerability was found in the EmbedVideo extension.
20 Jun 2026 · act now
php · starcitizenwiki/embedvideoCritical
starcitizenwiki/embedvideo: Unescaped class parameter allows XSS
The user-supplied class value is directly interpolated into an HTML template via sprintf without escaping, enabling injection of a
20 Jun 2026 · act now
php · starcitizenwiki/embedvideoCritical
starcitizenwiki/embedvideo: HTML/JavaScript injection via malformed video URLs
A security vulnerability in the EmbedVideo extension allows malformed video URLs or IDs to escape the data-mw-iframeconfig attribu
20 Jun 2026 · act now