2 matches found
CVE-2022-28712
A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...
CVE-2022-28712
CVE-2022-28712 (WWBN AVideo) is a stored XSS in videoAddNew for WWBN AVideo 11.6 and dev master commit 3f7c0364. An authenticated user can post to objects/videoAddNew.json.php with a crafted videoLink or manipulated title, causing unsanitized titles to be rendered on lists/pages via getVideosList...