Description

Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration.

INFO

Published Date :

2026-02-25T00:00:00.000Z

Last Modified :

2026-03-20T18:27:37.557Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69771 vulnerability.

Vendors Products
Asbplayer
  • Asbplayer
Killergerbah
  • Asbplayer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69771.

URL Resource
https://github.com/killergerbah/asbplayer cve-icon cve-icon
https://reve-offensive.tistory.com/35 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact