15 matches found

NVD
added 2026/03/23 5:16 p.m. | 1 view

CVE-2026-33499

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVSS 6.1 | EPSS 0.0002
Exploits: 1 | References: 2
Circl
added 2026/03/23 4:16 p.m. | 2 views

CVE-2026-26829

creationtimestamp | type | source
---|---|---
2026-03-23 16:16:48+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-26829...

CVSS 7.5 | AI score 5.8 | EPSS 0.014
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/23 4:11 p.m. | 1 view

CVE-2026-33499 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVSS 6.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 2
Cvelist
added 2026/03/23 4:11 p.m. | 23 views

CVE-2026-33499 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVSS 6.1 | EPSS 0.0002
Exploits: 1 | References: 2
OSV
added 2026/03/23 4:11 p.m. | 2 views

CVE-2026-33499 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVSS 6.1 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 4
Snyk
added 2026/03/20 8:56 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the unlockPassword parameter in the forbiddenPage.php and warningPage.php templates. An attacker can execute arbitrary JavaScript in t...

CVSS 9.3 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 2
OSV
added 2026/03/20 8:56 p.m. | 4 views

GHSA-7292-W8QP-MHQ2 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

Summary: The view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craft a URL that breaks out of the value attribute and injects arbitrary HTML...

CVSS 6.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/20 8:56 p.m. | 5 views

AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

Summary: The view/forbiddenPage.php and view/warningPage.php templates reflect the $_REQUEST['unlockPassword'] parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craft a URL that breaks out of the value attribute and injects arbitrary HTML...

CVSS 6.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 4 | Affected Software: 1
Hacker One
added 2019/01/18 1:36 p.m. | 17 views

Semrush: Ports are not shown in third-party site redirect warning page.

Summary: Ports are not shown in third-party site redirect warning page Vulnerable Endpoint :- https://www.semrush.com/redirect?urlhttp://example.com:1337 Description: I noticed 311330 this report where you guys fixed an open redirect report by adding an external third-party site redirect warning pa...

AI score 6.7
Exploits: 0
Hacker One
added 2015/05/10 7:15 a.m. | 55 views

HackerOne: Content Spoofing - External Link Warning Page

Here is example link: Click Here Raw Data: Click Here Issue: In External link warning page, this link shown as plain text and no forced URL encoded, leading an attacker to frame sentences and trick users. In given example, attacker can trick user to click 'Proceed' button saying it will redirect...

AI score 0.1
Exploits: 0
Hacker One
added 2015/05/03 2:26 a.m. | 21 views

HackerOne: Homograph Attack

Hello HackerOne, Fix of Report 29491 and 58612 is incomplete. I found another way to replicate homograph attack using Hex Code: www.%00ebаy.com www.%01ebаy.com www.%02ebаy.com www.%03ebаy.com www.%04ebаy.com www.%05ebаy.com www.%06ebаy.com www.%07ebаy.com www.%08ebаy.com www.%0Bebаy.com...

AI score 1.7
Exploits: 0
Tenable Nessus
added 2012/06/07 12:0 a.m. | 160 views

Mozilla Thunderbird < 13.0 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Multiple memory corruption errors exist...

CVSS 9.3 | AI score 8.6 | EPSS 0.06784
Exploits: 2 | References: 18
Exploit DB
added 2011/10/18 12:0 a.m. | 23 views

Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/50189/info Check Point UTM-1 Edge and Safe are prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. Multiple cross-site request forgery vulnerabilities 4...

AI score 7
Exploits: 0
Cvelist
added 2011/03/16 10:0 p.m. | 15 views

CVE-2011-0745

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) t...

AI score 6.2 | EPSS 0.06958
Exploits: 2 | References: 7
ThreatPost
added 2010/09/07 7:53 p.m. | 10 views

Microsoft Warns on Scareware Alerts

Microsoft is warning of a new type of scareware, dubbed Rogue:MSIL/Zeven, which identifies a user’s browser–whether it’s Google Chrome, Internet Explorer or Firefox–and serves up a nearly perfect-looking version of the browser’s malware warning page. Read the full article. Information Week...

AI score 3.2
Exploits: 0 | References: 2