CVE-2026-57167
PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2.
| CWE | CWE-80 |
| Vendor | chocobozzz |
| Product | peertube |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for chocobozzz peertube
Be the first to know when new unknown vulnerabilities affecting chocobozzz peertube are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Chocobozzz / PeerTube
< 8.2.2