A cross-site scripting (xss) vulnerability exists in the...
Critical severity
Unreviewed
Published
Aug 23, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Aug 22, 2022
Published to the GitHub Advisory Database
Aug 23, 2022
Last updated
Jan 31, 2023
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
References