6 matches found
CVE-2026-43882
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
CVE-2026-43882
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
CVE-2026-43882 WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper...
CVE-2026-43882
CVE-2026-43882 affects WWBN AVideo up to v29.0 via an unauthenticated endpoint plugin/Scheduler/downloadICS.php that passes user-controlled title, date_start, description and joinURL into Scheduler::downloadICS(), building an ICS calendar. ICS::escape_string() only escapes comma and semicolon, no...
PT-2026-37298
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description The unauthenticated 'plugin/Scheduler/downloadICS.php' endpoint passes attacker-controlled title, description, and joinURL parameters into the Scheduler::downloadICS function, which utilizes the I...
Google Calendar Phishing Scam Targets Users with Malicious Invites
Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information...