npm›video.js›CVE-2021-234146.1 MEDIUMCross-site ScriptingThe src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.