2 matches found
CVE-2026-50183 WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a stored Cross-Site Scripting vulnerability in the YouTubeAPI plugin. The plugin renders the snippet.title field returned by the YouTube Data API into the homepage gallery markup with no HTML encoding. The title is set ...
PT-2026-46895
Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A stored Cross-Site Scripting XSS issue exists in the YouTubeAPI plugin. The plugin retrieves the snippet.title field from the YouTube Data API and renders it into the homepage gallery markup withou...