Since the script you’re adding
<script src="https://cmox.cdn.vooplayer.com/assets/vooplayer.js"></script>
is considered third-party, you would need to whitelist it. You can do that by adding
https://cmox.cdn.vooplayer.com/assets/vooplayer.js
to the content_security_policy_script_src site setting in the admin like so
If you’d like to learn more about Content Security Policy and how it affects Discourse customizations, please have a look here
Also note that the src attribute in your Iframe code is empty so it doesn’t really load anything. Make sure the src attribute is set to the src of the Iframe you’re trying to load.