Back to CVE List

CVE-2026-57167

Vulnerability Description

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-80
Source
NVD
Vendor
Chocobozzz
Product
PeerTube

External References

Discussion (0)

Add Comment

No comments yet. Be the first!