starcitizenwiki/embedvideo
Packagist4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting starcitizenwiki/embedvideopage 1 of 1
- CVE-2025-59839HIGHCVSS 8.6EG 8.62025-09-25
vulnerable: 3.0.0 ... 4.0.0 (26 versions)
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows a…
- CVE-2026-55690HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.02026-06-19
vulnerable: 3.0.0 ... 4.0.0 (26 versions)
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text ### Summary When passing an unknown service name to embedvideo, an error message is rendered containing the invalid service name. The service…
- CVE-2026-55691HIGHCVSS 8.6EG 8.6✓ Fixed in 4.1.02026-06-19
vulnerable: 3.0.0 ... 4.0.0 (26 versions)
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template ### Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then…
- CVE-2026-55692HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.02026-06-19
vulnerable: 3.0.0 ... 4.0.0 (26 versions)
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled ### Summary With $wgEmbedVideoRequireConsent enabled (the default), the urls for videos are stored in a json-ified data attri…
Check whether starcitizenwiki/embedvideo is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for starcitizenwiki/embedvideo CVEs against the assets you own.
Start Free Scan →