CVE-2026-46496 | haxtheweb haxcms-nodejs/video-player up to 25.x Source cross site scripting (GHSA-2m6p-hm3w-6jm3)

A vulnerability, which was classified as problematic, has been found in haxtheweb haxcms-nodejs and video-player up to 25.x. This issue affects some unknown processing. The manipulation of the argument Source leads to cross site scripting.

This vulnerability is traded as CVE-2026-46496. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More