3 matches found
CVE-2026-33683
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...
CVE-2026-33683
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function...
PT-2026-27186
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description A flaw exists in the order of operations during sanitization of the user profile "about" field. This allows any registered user to inject arbitrary JavaScript that executes when other users...