3 matches found
WWBN AVideo 11.6 - Cross-Site Scripting
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32772 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity: medi...
CVE-2022-32772
A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...
CVE-2022-32772
CVE-2022-32772 affects WWBN AVideo 11.6 and the dev master commit 3f7c0364. The vulnerability is a footer alerts XSS in the msg parameter, where insufficient sanitization allows crafted input to inject JavaScript. TALOS confirms multiple XSS variants via footer.php without proper sanitization, in...