Wwbn

Avideo

55 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-46410

Exploit
  • EPSS 0.13%
  • Published 24.07.2025 15:11:06
  • Last modified 29.07.2025 16:29:27

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An...

6.1

CVE-2025-53084

Exploit
  • EPSS 0.1%
  • Published 24.07.2025 15:11:04
  • Last modified 29.07.2025 17:00:48

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us...

6.1

CVE-2025-50128

Exploit
  • EPSS 0.13%
  • Published 24.07.2025 15:11:03
  • Last modified 29.07.2025 16:57:47

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker ca...

9.6

CVE-2025-36548

Exploit
  • EPSS 0.17%
  • Published 24.07.2025 15:11:01
  • Last modified 07.08.2025 14:35:11

A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An at...

9.6

CVE-2025-41420

Exploit
  • EPSS 0.17%
  • Published 24.07.2025 15:11:00
  • Last modified 07.08.2025 14:34:50

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get ...

7.5

CVE-2025-25214

Exploit
  • EPSS 0.68%
  • Published 24.07.2025 15:10:58
  • Last modified 28.07.2025 17:09:28

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

9.8

CVE-2025-48732

Exploit
  • EPSS 1.47%
  • Published 24.07.2025 15:10:56
  • Last modified 29.07.2025 16:52:21

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

5.4

CVE-2024-34899

Exploit
  • EPSS 0.12%
  • Published 14.05.2024 15:39:37
  • Last modified 18.06.2025 17:41:45

WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).

9.8

CVE-2024-31819

Exploit
  • EPSS 80.42%
  • Published 10.04.2024 20:15:08
  • Last modified 17.06.2025 20:56:26

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

5.3

CVE-2023-50172

Exploit
  • EPSS 0.18%
  • Published 10.01.2024 16:15:49
  • Last modified 21.11.2024 08:36:36

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for ...