PT-2024-40191 · Ez Systems · Ez Publish Legacy+1

Published 2024-05-15 · Updated 2024-05-15


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: eZ Publish Platform versions prior to 5.4; eZ Publish Legacy versions prior to 5.4; VideoJS (affected versions not specified)
Description: The issue is related to an XSS vulnerability in the Flash-based video player of VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. This vulnerability may affect users of eZ Publish Platform 5.4 and eZ Publish Legacy 5.4, and potentially those using newer branches if the vulnerable software is installed. The estimated number of potentially affected devices is not provided.
Recommendations: For eZ Publish Platform and eZ Publish Legacy versions prior to 5.4, remove the affected file to resolve the vulnerability. Note that this will break the video playback feature. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

GHSA-8C85-4RR5-CHR4

Affected Products

Ez Publish Legacy
Ez Publish Platform