Lucene search
K

36 matches found

CNNVD
CNNVD
added 2026/03/31 12:0 a.m.6 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the onpublishdone.php endpoint in the Live plugin, which could allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-33502

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

9.3CVSS5.9AI score0.00442EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33485

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations —...

7.5CVSS5.8AI score0.00468EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33351

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS5.8AI score0.00431EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/23 4:29 p.m.22 views

CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

9.3CVSS0.00442EPSS
Exploits1References2
NVD
NVD
added 2026/03/23 2:16 p.m.6 views

CVE-2026-33351

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS0.00431EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 1:51 p.m.2 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS5.8AI score0.00431EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/23 1:51 p.m.23 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS0.00431EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 1:51 p.m.2 views

CVE-2026-33351

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS5.8AI score0.00431EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 1:12 a.m.5 views

CVE-2022-1187

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

6.1CVSS6.4AI score0.01289EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.3 views

WordPress plugin WP YouTube Live 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress WP YouTube Lives plugin prior to 1.8.3,...

4.8CVSS5.4AI score0.00654EPSS
Exploits1References2
Prion
Prion
added 2022/04/19 9:15 p.m.11 views

Cross site scripting

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

4.3CVSS6.1AI score0.01289EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/19 8:26 p.m.13 views

CVE-2022-1187 WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

6.1CVSS6.5AI score0.01289EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/04/19 8:26 p.m.6 views

CVE-2022-1187 WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...

6.1CVSS6.5AI score0.01289EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.5 views

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin WP YouTube Live 1.7.21 and previous versions are vulnerable to a cross-site scripting vulnerability, which stems from the plugin being vulnerable to a reflected cross-site scripting attack via POST data in the...

6.1CVSS5.5AI score0.01289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/19 12:0 a.m.4 views

PT-2022-13701

Name of the Vulnerable Software and Affected Versions WordPress WP YouTube Live Plugin versions prior to 1.7.22 Description The issue allows unauthenticated attackers to inject arbitrary web scripts via Reflected Cross-Site Scripting. This is possible due to vulnerable POST data found in the...

6.1CVSS6.4AI score0.01289EPSS
Exploits0References7
Rows per page
Query Builder