Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/21 10:49 p.m.3 views

CVE-2026-41061

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS5.4AI score0.00173EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/21 10:49 p.m.43 views

CVE-2026-41061 WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS0.00173EPSS
Exploits1References2
CVE
CVE
added 2026/04/21 10:49 p.m.16 views

CVE-2026-41061

WWBN AVideo (versions ≤ 29.0) is vulnerable due to an unanchored end in isValidDuration() regex in objects/video.php:918: /^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/ allowing appending HTML/JavaScript after a valid duration. The crafted duration is stored and rendered without HTML escaping via Video::get...

5.4CVSS5.4AI score0.00173EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 11:22 p.m.11 views

WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder Receiver

Summary The isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the database and rendered without HTML escaping via echo...

5.4CVSS6AI score0.00173EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder