Cross site scripting

A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...

CVE-2022-28712

CVE-2022-28712 (WWBN AVideo) is a stored XSS in videoAddNew for WWBN AVideo 11.6 and dev master commit 3f7c0364. An authenticated user can post to objects/videoAddNew.json.php with a crafted videoLink or manipulated title, causing unsanitized titles to be rendered on lists/pages via getVideosList...

WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

YouPHPTube videoAddNew.json.php file SQL injection vulnerability

YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the /objects/videoAddNew.json.php file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit...