Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 6:42 p.m.4 views

CVE-2026-33685

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...

5.3CVSS5.8AI score0.00315EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/22 5:17 p.m.3 views

CVE-2026-33295

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS0.00216EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/19 5:12 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cleantitle field within the CDN plugin's download buttons component, where user-supplied input is directly interpolated into a...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/01/18 10:6 a.m.48 views

Vimeo: Legacy API exposes private video titles

Hi, I have discovered Vimeo's legacy API vimeo.com/api exposes private video titles. Example URL: https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/152133387 Vimeo provides the uploader with 5 privacy options for viewing videos: 1. Anyone 2. Only me 3. Only people I follow 4. Only people ...

0.3AI score
Exploits0
Rows per page
Query Builder