Cross-Site Scripting Vulnerability in PeerTube Video Streaming Platform
CVE-2026-57167
5.1MEDIUM
What is CVE-2026-57167?
PeerTube, an ActivityPub-federated video streaming platform, was affected by a Cross-Site Scripting vulnerability in its server-side-rendered video watch pages. Prior to version 8.2.2, the platform improperly handled video metadata embedded in schema.org JSON-LD blocks, failing to escape certain characters. This oversight allowed attackers to inject arbitrary HTML or JavaScript into the pages, executing code within the user's instance origin when viewing compromised videos. This issue has been addressed in version 8.2.2.
Affected Version(s)
PeerTube < 8.2.2
