3 matches found
CVE-2022-30690
A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...
CVE-2022-30690
CVE-2022-30690 is a reflected cross-site scripting (XSS) vulnerability in WWBN AVideo (version 11.6 and the dev master commit 3f7c0364) involving the image403.php handler. The issue stems from unsanitized input via the 403ErrorMsg parameter, which is echoed back in the 403 page, enabling arbitrar...
WWBN AVideo image403 cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...