4 matches found
GHSA-66Q5-CJ5G-WRFX WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section
Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...
GHSA-HGJH-6WJ8-GCGF WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination
Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...
PT-2026-46894
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An unauthenticated Reflected Cross-Site Scripting XSS issue exists in the AVideo YouTubeAPI plugin. The problem occurs because the search query parameter is concatenated directly into the href attribut...
PT-2026-46895
Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A stored Cross-Site Scripting XSS issue exists in the YouTubeAPI plugin. The plugin retrieves the snippet.title field from the YouTube Data API and renders it into the homepage gallery markup withou...