Lucene search
K

4 matches found

OSV
OSV
added 2026/06/04 6:56 p.m.9 views

GHSA-66Q5-CJ5G-WRFX WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

4.7CVSS5.9AI score0.00031EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 6:55 p.m.11 views

GHSA-HGJH-6WJ8-GCGF WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination

Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

6.1CVSS6.2AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46894

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An unauthenticated Reflected Cross-Site Scripting XSS issue exists in the AVideo YouTubeAPI plugin. The problem occurs because the search query parameter is concatenated directly into the href attribut...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46895

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A stored Cross-Site Scripting XSS issue exists in the YouTubeAPI plugin. The plugin retrieves the snippet.title field from the YouTube Data API and renders it into the homepage gallery markup withou...

4.7CVSS6.1AI score0.00031EPSS
Exploits0References5
Rows per page
Query Builder