A vulnerability, which was classified as problematic , has been found in haxtheweb haxcms-nodejs and video-player up to 25.x . This issue affects some unknown processing. The manipulation of the argument Source leads to cross site scripting. This vulnerability is traded as CVE-2026-46496 . It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.