Cross-Site Scripting (XSS)

2023-05-0912:49:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

vulnerability

wwbn/avideo

user-input sanitization

javascript execution

0.001 Low

EPSS

Percentile

34.7%

JSON

wwbn/avideo, is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in script.js which allows an attacker to inject and execute arbitrary JavaScript into the browser

CPENameOperatorVersion
wwbn/avideole11.6
wwbn/avideole11.6

CPE	Name	Operator	Version
	wwbn/avideo	le	11.6
	wwbn/avideo	le	11.6

References

github.com/advisories/GHSA-xr9h-p2rc-rpqm

github.com/WWBN/AVideo/commit/2b44dee815b208da85e1dcafa9839391c3de2655

github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm

youtu.be/Nke0Bmv5F-o

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for VERACODE:40445