CVE-2023-47861

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

CVE-2023-47861

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

Cross site scripting

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

Cross site scripting

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

Cross site scripting

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

CVE-2023-48730

Affected product: WWBN AVideo (dev master commit 15fed957fb). Vulnerability: Stored cross-site scripting (XSS) in navbarMenuAndLogo.php user name rendering due to improper sanitization. The user name is echoed into the navbar and can execute JavaScript when the page is loaded. Exploitation requir...

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

CVE-2023-47861

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48728

WWBN AVideo 11.6 (and dev master commit 3c6bb3ff) is affected by a reflected cross-site scripting (XSS) vulnerability in the function getOpenGraph videoName parameter. The issue arises from missing sanitization of the videoName input displayed on the OpenGraph page, enabling arbitrary JavaScript ...

CVE-2023-47861

A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...

Stored Cross Site Scripting (XSS)

class.upload.php is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper validation on uploaded files. This issue can be exploited by an attacker via uploading malicious files leading to the execution of arbitrary JavaScript...

Cross-site Scripting (XSS)

tinymce is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of proper sanitization for iframe, object and embed URL attributes within the TinyMCE's core parser. This allows an attacker to insert a specially crafted piece of content into the editor using the clipboard or APIs...

GHSA-GJHC-6XM7-MC8Q Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and...

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...