Lucene search
+L

4 matches found

prion
prion
added 2022/08/22 7:15 p.m.23 views

Cross site scripting

A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...

6CVSS8.5AI score0.02438EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/08/22 6:22 p.m.76 views

CVE-2022-28712

CVE-2022-28712 (WWBN AVideo) is a stored XSS in videoAddNew for WWBN AVideo 11.6 and dev master commit 3f7c0364. An authenticated user can post to objects/videoAddNew.json.php with a crafted videoLink or manipulated title, causing unsanitized titles to be rendered on lists/pages via getVideosList...

9CVSS8.5AI score0.02438EPSS
Exploits1References2Affected Software1
talos
talos
added 2022/08/16 12:0 a.m.57 views

WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

9CVSS8.7AI score0.02438EPSS
Exploits1
cnvd
cnvd
added 2019/10/18 12:0 a.m.7 views

YouPHPTube videoAddNew.json.php file SQL injection vulnerability

YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the /objects/videoAddNew.json.php file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit...

8.8CVSS8.2AI score0.01064EPSS
Exploits1References1
Rows per page
Query Builder