PT-2026-25994

Summary AVideo contains a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's json encode into a JavaScript function that renders it via innerHTML, bypassing encoding and...