CVE-2024-29882 (SRS)
**Name of the Vulnerable Software and Affected Versions**
SRS versions prior to 5.0.210
SRS versions prior to 6.0.121
**Description**
The issue concerns SRS, a simple, high-efficiency, real-time video server. Specifically, the `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint did not filter the callback function name before reflecting it into the response, so a request carrying a malicious JavaScript payload in `callback` resulted in reflected Cross-Site Scripting (XSS).
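As an added illustration (not SRS source code), a hypothetical JSONP wrapper that reflects the callback name unchecked, placed beside a hardened version that accepts only identifier-shaped names; the function names and the 64-character limit are assumptions.

```cpp
#include <cctype>
#include <string>

// Constructed illustration, not SRS code: a JSONP wrapper that echoes the
// callback name unchecked, the pattern the advisory describes.
std::string jsonp_unsafe(const std::string& callback, const std::string& json) {
    if (callback.empty()) return json;
    return callback + "(" + json + ");";
}

// Hardened variant: accept only a conservative JavaScript identifier shape
// (letters, digits, '_', '$', and '.' between namespaced segments), with an
// assumed length limit. Anything else is rejected, so reflected script never
// reaches the response body.
bool is_safe_callback(const std::string& cb) {
    if (cb.empty() || cb.size() > 64) return false;
    bool expect_ident_start = true;
    for (char c : cb) {
        unsigned char uc = static_cast<unsigned char>(c);
        if (expect_ident_start) {
            if (!(std::isalpha(uc) || c == '_' || c == '$')) return false;
            expect_ident_start = false;
        } else if (c == '.') {
            expect_ident_start = true;  // next char must start a new segment
        } else if (!(std::isalnum(uc) || c == '_' || c == '$')) {
            return false;
        }
    }
    return !expect_ident_start;  // reject a trailing '.'
}

// Fills `out` and returns true when a response can be produced safely;
// returns false (caller should answer HTTP 400) when the callback is invalid.
bool jsonp_safe(const std::string& callback, const std::string& json,
                std::string& out) {
    if (callback.empty()) { out = json; return true; }
    if (!is_safe_callback(callback)) return false;
    // Leading comment defeats content sniffing of the body as another type.
    out = "/**/" + callback + "(" + json + ");";
    return true;
}
```

Serve the result with `Content-Type: application/javascript` and `X-Content-Type-Options: nosniff` so a browser will not interpret the body as HTML.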
**Recommendations**
For versions prior to 5.0.210, update to version 5.0.210 or later.
For versions prior to 6.0.121, update to version 6.0.121 or later.