Wwbn

Avideo

164 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-48728

Exploit
  • EPSS 17.35%
  • Veröffentlicht 10.01.2024 16:15:47
  • Zuletzt bearbeitet 04.11.2025 19:16:07

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get...

5.4

CVE-2023-48730

  • EPSS 0.48%
  • Veröffentlicht 10.01.2024 16:15:47
  • Zuletzt bearbeitet 04.11.2025 19:16:07

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a use...

8.8

CVE-2023-32073

Exploit
  • EPSS 5.59%
  • Veröffentlicht 12.05.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:02:39

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for ...

5.4

CVE-2023-30860

Exploit
  • EPSS 3.63%
  • Veröffentlicht 08.05.2023 19:15:12
  • Zuletzt bearbeitet 21.11.2024 08:00:59

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating ...

8.8

CVE-2023-30854

Exploit
  • EPSS 70.21%
  • Veröffentlicht 28.04.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:00:58

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in vers...

9.8

CVE-2023-25313

Exploit
  • EPSS 2.27%
  • Veröffentlicht 25.04.2023 16:15:09
  • Zuletzt bearbeitet 03.02.2025 19:15:10

OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.

6.1

CVE-2023-25314

  • EPSS 0.11%
  • Veröffentlicht 25.04.2023 16:15:09
  • Zuletzt bearbeitet 04.02.2025 17:15:11

Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.

8.8

CVE-2022-30605

Exploit
  • EPSS 0.75%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:03:00

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a cra...

6.1

CVE-2022-30690

Exploit
  • EPSS 14.55%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:03:10

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user...

8.8

CVE-2022-32282

Exploit
  • EPSS 0.54%
  • Veröffentlicht 22.08.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:05

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.