EPSS
Percentile
33.5%
wwbn/avideo is vulnerable to cross-site scripting. The getDeviceID method does not properly handle the $device parameter, allowing an attacker to inject malicious script into victim’s browser via yptDevice to view/include/head.php.
$device
yptDevice
view/include/head.php
avideo.tube/
github.com/WWBN/AVideo/commit/3722335f808484e6bfb5e71028fedddd942add4a