Lucene search
GoogleOSV:GHSA-F98P-2HC5-FM7VHistoryMay 20, 2024 - 6:43 p.m.
AVideo cross-site scripting vulnerability in the view/about.php page
2024-05-2018:43:57
Google
osv.dev
4
xss issue
php file
user agent
headers
sanitization
malicious scripts
web page
browser
software
The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent.
At line [53], the website gets the user-agent from the headers through $_SERVER[‘HTTP_USER_AGENT’] and echo it without any sanitization.
In PHP, echo a user generated statement, here the User-Agent Header, without any sanitization allows an attacker to inject malicious scripts into the output of a web page, which are then executed in the browser of anyone viewing that page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wwbn/avideo | eq | 11.1.1 | |
| wwbn/avideo | eq | 11.5 | |
| wwbn/avideo | eq | 10.8 | |
| wwbn/avideo | eq | 11.6 | |
| wwbn/avideo | eq | 12.4 | |
| wwbn/avideo | eq | 11 | |
| wwbn/avideo | eq | 10.4 | |
| wwbn/avideo | eq | 11.1 |
Related
veracode
veracode
Cross Site Scripting (XSS)
2024-05-23 07:10:42
vulnrichment
vulnrichment
CVE-2024-34899
1976-01-01 00:00:00
nvd
nvd
CVE-2024-34899
2024-05-14 15:39:37
github
github
AVideo cross-site scripting vulnerability in the view/about.php page
2024-05-20 18:43:57
cve
cve
CVE-2024-34899
2024-05-14 15:39:37
cvelist
cvelist
CVE-2024-34899
1976-01-01 00:00:00