PT-2020-21540 · None · Lazysizes

Published 2020-09-03 · Updated 2020-09-03


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: lazysizes versions prior to 5.2.1-rc1

Description: The issue affects the video-embed plugin of lazysizes, which fails to properly sanitize certain attributes, including data-vimeo, data-vimeoparams, data-youtube, and data-ytparams. This oversight allows attackers to execute arbitrary JavaScript code in a victim's browser if they have control over these vulnerable attributes.

Recommendations: Upgrade to version 5.2.1-rc1 or later.
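The sanitization gap described above, shown from the defender's side as an added example that is not lazysizes' own code: the four attribute values named in the advisory are whitelist-validated before an embed URL is assembled with the URL API, so a hostile value is dropped instead of reaching the iframe. The YouTube/Vimeo ID patterns, the embed base URLs and the sample inputs are assumptions constructed for this example.

```javascript
// Added example (not lazysizes' code): strict whitelisting of the
// data-youtube / data-vimeo / data-ytparams / data-vimeoparams values.
const YOUTUBE_ID = /^[A-Za-z0-9_-]{11}$/;   // assumption: 11-character YouTube ids
const VIMEO_ID = /^[0-9]{1,12}$/;           // assumption: numeric Vimeo ids
const PARAM_TOKEN = /^[A-Za-z0-9_.-]*$/;    // conservative alphabet for keys and values
const YOUTUBE_BASE = 'https://www.youtube.com/embed/';   // assumed embed base URL
const VIMEO_BASE = 'https://player.vimeo.com/video/';    // assumed embed base URL

// Parse "k1=v1&k2=v2" and keep only pairs whose key and value are plain tokens;
// anything containing quotes, angle brackets, slashes or other metacharacters is dropped.
function sanitizeParams(raw) {
  const out = new URLSearchParams();
  for (const pair of String(raw || '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = eq < 0 ? pair : pair.slice(0, eq);
    const value = eq < 0 ? '' : pair.slice(eq + 1);
    if (key && PARAM_TOKEN.test(key) && PARAM_TOKEN.test(value)) out.set(key, value);
  }
  return out;
}

// Build the iframe src from a dataset-like object ({youtube, ytparams} or
// {vimeo, vimeoparams}). Returns null when the id fails validation so the
// caller renders no embed at all instead of a partially trusted one.
function buildEmbedSrc(dataset) {
  let base, id, params;
  if (dataset.youtube !== undefined) {
    if (!YOUTUBE_ID.test(dataset.youtube)) return null;
    base = YOUTUBE_BASE; id = dataset.youtube; params = sanitizeParams(dataset.ytparams);
  } else if (dataset.vimeo !== undefined) {
    if (!VIMEO_ID.test(dataset.vimeo)) return null;
    base = VIMEO_BASE; id = dataset.vimeo; params = sanitizeParams(dataset.vimeoparams);
  } else {
    return null;
  }
  const url = new URL(id, base);  // id already validated: no path or scheme escape possible
  url.search = params.toString(); // URLSearchParams percent-encodes anything unusual
  return url.href;
}

// Constructed sample attribute sets: one well-formed per provider, one malformed id.
const SAMPLES = [
  { youtube: 'dQw4w9WgXcQ', ytparams: 'autoplay=1&rel=0' },
  { vimeo: '76979871' },
  { youtube: 'abc"def' },
];
console.log(SAMPLES.map(buildEmbedSrc));
```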

XSS


Weakness Enumeration

Related Identifiers

GHSA-W4VP-3MQ7-7V82

Affected Products

Lazysizes