PT-2024-40352 · Ez Systems · Ez Publish Legacy+1

Published: 2024-05-15 · Updated: 2024-05-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

VideoJS versions prior to the version that fixes the XSS vulnerability
eZ Publish Platform 5.4
eZ Publish Legacy 5.4

Description

The issue is related to an XSS vulnerability in the Flash-based video player of VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. This vulnerability may affect users of eZ Publish Platform 5.4 and eZ Publish Legacy 5.4, and potentially those using newer branches if the vulnerable software is installed. The estimated number of potentially affected devices is not specified.

Recommendations

For VideoJS versions prior to the version that fixes the XSS vulnerability, consider removing the affected file to resolve the issue, although this will break the video playback feature. For eZ Publish Platform 5.4 and eZ Publish Legacy 5.4, remove the affected file from DemoBundle and the ezdemo legacy extension to mitigate the risk. As a temporary workaround, consider disabling the Flash-based video player until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

GHSA-JQ9Q-6P42-QPR7

Affected Products

Ez Publish Legacy
Ez Publish Platform