Description:
While making an account in demo.avideo.com I found a parameter β?success=β which did not sanitize any symbol character properly which leads to XSS attack.
Impact:
Since thereβs an Admin account on demo.avideo.com attacker can use this attack to Takeover the adminβs account
Step to Reproduce:
https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>