Lucene search
K

6 matches found

NVD
NVD
added 2026/06/20 7:16 p.m.14 views

CVE-2026-56347

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.20 views

CVE-2026-56347 AVideo TopMenu Plugin - Stored Cross-Site Scripting via Unescaped Menu Item Fields

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.22 views

CVE-2026-56347

CVE-2026-56347 affects the AVideo TopMenu plugin up to version 26.0. The issue is a stored cross-site scripting vulnerability in menu item rendering caused by missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fiel...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 11:25 p.m.1 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of menu item fields such as icon classes, URLs, and text labels without proper output encoding in the TopMenu plugin. An...

6.1CVSS5.8AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 11:25 p.m.11 views

GHSA-GMPC-FXG2-VCMQ AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin

Summary The TopMenu plugin renders menu item fields icon classes, URLs, and text labels directly into HTML without applying htmlspecialchars or any other output encoding. Since menu items are rendered on every public page through plugin hooks, a single malicious menu entry results in stored...

6.1CVSS5.8AI score0.00167EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/01 11:25 p.m.10 views

AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin

Summary The TopMenu plugin renders menu item fields icon classes, URLs, and text labels directly into HTML without applying htmlspecialchars or any other output encoding. Since menu items are rendered on every public page through plugin hooks, a single malicious menu entry results in stored...

5.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder