2 matches found
CVE-2023-30860
CVE-2023-30860 affects WWBN AVideo prior to version 12.4. A normal user can create a Meeting Schedule and invite others, but input is not properly sanitized when creating a Meeting Room, allowing insertion of malicious scripts. Any user, including admins, can view the meeting room, enabling cooki...
CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...