npm
@haxtheweb/video-player
2 known vulnerabilities · 0 critical · 0 high
GHSA-jh3h-rpxg-fr36
Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover
Published May 19, 2026
GHSA-2m6p-hm3w-6jm3
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft
Published May 19, 2026
Check your entire dependency tree at onceRun dependency scan →