pkg:npm/@haxtheweb/video-player
2 total CVEs
All known vulnerabilities
- CVE-2026-46396: Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover (affected versions: from 0, < 26.0.0)
- CVE-2026-46496: HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft (affected versions: from 0, < 26.0.0)