CVE-2025-69771

CRITICAL 9.6

CVSS Score

9.6

EPSS Score

0.0%

EPSS Percentile

14th

Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration.

Vendor	n/a
Product	n/a
Published	Feb 25, 2026
Last Updated	Mar 20, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

reve-offensive.tistory.com: https://reve-offensive.tistory.com/35 github.com: https://github.com/killergerbah/asbplayer