Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.3 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References1
OSV
OSV
added 2026/03/25 7:52 p.m.2 views

GHSA-GHX5-7JJG-Q2J7 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

Summary A sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function entity-encodes input before stripspecifictags can match dangerous HTML tags, and...

5.4CVSS6AI score0.00176EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/25 7:52 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the about field. An attacker can execute arbitrary JavaScript in the browsers of users who visit a maliciously crafted channel page by...

5.4CVSS5.8AI score0.00176EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:41 p.m.2 views

CVE-2026-33683

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References3Affected Software1
Openbugbounty
Openbugbounty
added 2015/07/29 6:25 p.m.11 views

tv8.ch XSS vulnerability

Vulnerable URL: http://www.tv8.ch/tv8/channel/168%22%3E%3Csvg%20onload=alert%28%27XSSPOSED%27%29%3E/3-SAT/now/33/journey/1/progview=1?search=asd Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

6.3AI score
Exploits0
Rows per page
Query Builder