4 matches found
EUVD-2026-24539
WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...
PT-2026-34206
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.1. Description: An issue exists where the isValidDuration function at 'objects/video.php:918' uses a regular expression /^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/ that lacks a $ end anchor. This allows arbitrary HTML or JavaScript ...
WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder Receiver
Summary: The isValidDuration regex at objects/video.php:918 uses /^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the database and rendered without HTML escaping via echo...
Denial Of Service (DoS)
alextselegidis/easyappointments is vulnerable to Denial of Service (DoS). The vulnerability stems from booking logic flaws caused by insufficient validation of appointment duration, allowing unauthenticated attackers to block future booking availability by creating excessively long appointments...