Lucene search
+L

4 matches found

osv
osv
added 2026/06/04 6:56 p.m.9 views

GHSA-66Q5-CJ5G-WRFX WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

4.7CVSS5.9AI score0.00031EPSS
Exploits0References3
github
github
added 2026/06/04 6:56 p.m.13 views

WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

4.7CVSS5.9AI score0.00031EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.20 views

PT-2026-46849

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

4.7CVSS5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.18 views

PT-2026-46895

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A stored Cross-Site Scripting XSS issue exists in the YouTubeAPI plugin. The plugin retrieves the snippet.title field from the YouTube Data API and renders it into the homepage gallery markup withou...

4.7CVSS6.1AI score0.00031EPSS
Exploits0References5
Rows per page
Query Builder