Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33295

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References1
NVD
NVD
added 2026/03/22 5:17 p.m.3 views

CVE-2026-33295

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS0.00216EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/22 5:0 p.m.3 views

CVE-2026-33295

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/22 5:0 p.m.30 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS0.00216EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/22 5:0 p.m.2 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2
OSV
OSV
added 2026/03/22 5:0 p.m.4 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS6AI score0.00216EPSS
Exploits1References4
CVE
CVE
added 2026/03/22 5:0 p.m.19 views

CVE-2026-33295

CVE-2026-33295 affects WWBN/AVideo prior to version 26.0, where a stored XSS exists in the CDN plugin’s downloadButtons.php. The vulnerability arises because the video record field clean_title is interpolated directly into a JavaScript string literal without escaping, enabling an attacker who can...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/19 5:12 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cleantitle field within the CDN plugin's download buttons component, where user-supplied input is directly interpolated into a...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 5:12 p.m.6 views

GHSA-GC3M-4MCR-H3PV AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.8AI score0.00216EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.6 views

AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.8AI score0.00216EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26473

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The clean title field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.9AI score0.00216EPSS
Exploits1References7
Rows per page
Query Builder