NIXPKGS-2025-0010

published on

Permalink CVE-2025-31384

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

updated 6 months, 3 weeks ago by @Erethon Activity log

Created automatic suggestion 1 year ago
@LeSuisse dismissed 1 year ago
@Erethon accepted 9 months, 3 weeks ago
@Erethon added maintainer @Erethon 6 months, 4 weeks ago maintainer.add
@Erethon deleted maintainer @Erethon 6 months, 4 weeks ago maintainer.delete
@Erethon published on GitHub 6 months, 3 weeks ago

WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.

References

https://patchstack.com/database/wordpress/plugin/videos/vulnerability/wordpress… vdb-entry

Affected products

videos

=<1.0.5

Matching in nixpkgs

pkgs.pantheon.elementary-videos

Video player and library app designed for elementary OS

nixos-unstable 8.0.1
- nixpkgs-unstable 8.0.1
- nixos-unstable-small 8.0.1

Package maintainers

@davidak David Kleuker <post@davidak.de>
@bobby285271 Bobby Rong <rjl931189261@126.com>

Nixpkgs security tracker

Details of issue NIXPKGS-2025-0010

References

Affected products

Matching in nixpkgs

pkgs.pantheon.elementary-videos

Package maintainers