6 matches found
EUVD-2023-1654
Malicious code in bioql PyPI...
CVE-2023-30860
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
GHSA-XR9H-P2RC-RPQM WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
In AVideo, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but I found out that it did not properly sanitize the malicious characters when creating a Meeting Room. This leads the attacker to put malicious scripts. Impact: Since any USER including...
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
In AVideo, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but I found out that it did not properly sanitize the malicious characters when creating a Meeting Room. This leads the attacker to put malicious scripts. Impact: Since any USER including...