EUVD-2023-1654

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

AVideo prior to version 12.4 allows users to create meetings with unsanitized input, risking account takeover.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-30860	29 Apr 202300:55	–	circl
CNNVD	WWBN AVideo 跨站脚本漏洞	8 May 202300:00	–	cnnvd
CVE	CVE-2023-30860	8 May 202318:04	–	cve
Cvelist	CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account	8 May 202318:04	–	cvelist
Github Security Blog	WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account	1 May 202322:30	–	github
NVD	CVE-2023-30860	8 May 202319:15	–	nvd
OSV	CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account	8 May 202318:04	–	osv
OSV	GHSA-XR9H-P2RC-RPQM WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account	1 May 202322:30	–	osv
Prion	Design/Logic Flaw	8 May 202319:15	–	prion
Positive Technologies	PT-2023-23017 · Avideo · Avideo	1 May 202300:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "bc9ac1b0-a2e1-3464-b0eb-b41dea5361b3",
        "vendor": {
          "name": "WWBN"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "9ef8c0df-6371-32ec-821a-950d63e508ab",
        "product": {
          "name": "AVideo"
        },
        "product_version": "WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account"
      }
    ]
  }
]

Source	Link
github	www.github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-30860
github	www.github.com/WWBN/AVideo
youtu	www.youtu.be/Nke0Bmv5F-o

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.15.4 - 8

EPSS0.04161

SSVC