CVE-2022-27462

Cross Site Scripting XSS vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php...

Cross-site Scripting (XSS)

wwbn/avideo is vulnerable to cross-site scripting. The getDeviceID method does not properly handle the $device parameter, allowing an attacker to inject malicious script into victim's browser via yptDevice to view/include/head.php...

Cross site scripting

Cross Site Scripting XSS vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php...

CVE-2022-27462

Cross Site Scripting XSS vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php...

Wwbn Avideo 跨站脚本漏洞

Wwbn Avideo is a video platform builder written in PHP by the Wwbn WWBN team. A security vulnerability exists in objects/function.php in the function getDeviceID in Wwbn Avideo before 11.6, which allows an attacker to view /include/head.php with the yptDevice parameter...

Information disclosure

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...