CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/08/22 7:15 p.m.•12 views

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

9.6CVSS6.2AI score

Prion•added 2022/08/22 7:15 p.m.•15 views

Cross site scripting

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

5.8CVSS6AI score0.07798EPSS

Prion•added 2022/08/22 7:15 p.m.•12 views

Cross site scripting

5.8CVSS6AI score0.10012EPSS

Prion•added 2022/08/22 7:15 p.m.•13 views

Cross site scripting

6CVSS8.5AI score0.03542EPSS

Prion•added 2022/08/22 7:15 p.m.•15 views

Cross site scripting

A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...

5.8CVSS6AI score0.09808EPSS

Prion•added 2022/08/22 7:15 p.m.•12 views

Cross site scripting

6.8CVSS8.6AI score0.09453EPSS

Prion•added 2022/08/22 7:15 p.m.•15 views

Cross site scripting

5.8CVSS6AI score0.14418EPSS

Cvelist•added 2022/08/22 6:27 p.m.•19 views

CVE-2022-32772

9.6CVSS6.2AI score0.07798EPSS

CVE•added 2022/08/22 6:27 p.m.•94 views

CVE-2022-32772

CVE-2022-32772 affects WWBN AVideo 11.6 and the dev master commit 3f7c0364. The vulnerability is a footer alerts XSS in the msg parameter, where insufficient sanitization allows crafted input to inject JavaScript. TALOS confirms multiple XSS variants via footer.php without proper sanitization, in...

9.6CVSS6.1AI score0.07798EPSS

Vulnrichment•added 2022/08/22 6:27 p.m.•6 views

CVE-2022-32772

9.6CVSS6AI score0.07798EPSS

Vulnrichment•added 2022/08/22 6:27 p.m.•7 views

CVE-2022-32771

9.6CVSS6.5AI score0.10012EPSS

Cvelist•added 2022/08/22 6:27 p.m.•18 views

CVE-2022-32771

9.6CVSS6.2AI score0.10012EPSS

CVE•added 2022/08/22 6:27 p.m.•85 views

CVE-2022-32771

WWBN AVideo 11.6 and the dev master commit 3f7c0364 are affected by a cross-site scripting (XSS) vulnerability in the footer alerts functionality driven by the 'success' parameter. The issue arises because the parameter is inserted into the page with insufficient sanitization, allowing an attacke...

9.6CVSS6AI score0.10012EPSS

Cvelist•added 2022/08/22 6:27 p.m.•13 views

CVE-2022-32770

9.6CVSS6.2AI score0.14418EPSS

CVE•added 2022/08/22 6:27 p.m.•90 views

CVE-2022-32770

WWBN AVideo 11.6 and dev master commit 3f7c0364 are affected by a footer alerts XSS (CVE-2022-32770) due to insufficient sanitization of the toast parameter. The vulnerability allows arbitrary JavaScript execution in an authenticated user context by crafting HTTP requests; PoCs show vector usage ...

9.6CVSS6.1AI score0.14418EPSS

Vulnrichment•added 2022/08/22 6:24 p.m.•5 views

CVE-2022-30690

9.6CVSS6AI score0.09808EPSS

Cvelist•added 2022/08/22 6:24 p.m.•10 views

CVE-2022-30690

9.6CVSS6.2AI score0.09808EPSS

CVE•added 2022/08/22 6:24 p.m.•57 views

CVE-2022-30690

CVE-2022-30690 is a reflected cross-site scripting (XSS) vulnerability in WWBN AVideo (version 11.6 and the dev master commit 3f7c0364) involving the image403.php handler. The issue stems from unsanitized input via the 403ErrorMsg parameter, which is echoed back in the 403 page, enabling arbitrar...

9.6CVSS6.2AI score0.09808EPSS

Cvelist•added 2022/08/22 6:22 p.m.•11 views

CVE-2022-28712

9CVSS8.8AI score0.03542EPSS