5 matches found
CVE-2026-33683
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...
GHSA-GHX5-7JJG-Q2J7 AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field
Summary A sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function entity-encodes input before stripspecifictags can match dangerous HTML tags, and...
Cross-site Scripting (XSS)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the about field. An attacker can execute arbitrary JavaScript in the browsers of users who visit a maliciously crafted channel page by...
CVE-2026-33683
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...
tv8.ch XSS vulnerability
Vulnerable URL: http://www.tv8.ch/tv8/channel/168%22%3E%3Csvg%20onload=alert%28%27XSSPOSED%27%29%3E/3-SAT/now/33/journey/1/progview=1?search=asd Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...