MarionVagner-dA
7 months agoCommunity Member
HLS vulnerabilty on Storyline Modern Player
Hello,
Our Security IT department identified a vulnerability issue with the file hls.min.js which is found in any course exported using Storyline 360 modern player, even if hls is 'turn off' (publish video quality set to Static).
The application loads an external library or source code file using appendExecutor. An attacker might be able to exploit this and cause the application to load arbitrary code.
Using the classic player instead is not option due to the lack of responsiveness of that player.
Do you have any information on a future update of that file?