Security Advisories - starcitizenwiki/embedvideo - Packagist.org

starcitizenwiki/embedvideo Security Advisories (4)

[HIGH] StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled

PKSA-wg3k-7dyt-r1n5 CVE-2026-55692 GHSA-5c7p-g73q-rpg5

Affected version: <=4.0.0

Reported by:
GitHub
[HIGH] StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template

PKSA-17vj-28c7-d53v CVE-2026-55691 GHSA-7h5p-637f-jfr7

Affected version: <=4.0.0

Reported by:
GitHub
[HIGH] StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text

PKSA-bvqp-6135-khxc CVE-2026-55690 GHSA-c29q-5xm7-5p62

Affected version: <=4.0.0

Reported by:
GitHub
[HIGH] Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

PKSA-fnny-x6d4-t1qw CVE-2025-59839 GHSA-4j5h-mvj3-m48v

Affected version: <=4.0.0

Reported by:
GitHub