Wwbn

Avideo

206 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-34441

  • EPSS 0.73%
  • Veröffentlicht 17.12.2025 19:48:09
  • Zuletzt bearbeitet 19.12.2025 19:15:51

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

6.1

CVE-2025-46410

Exploit
  • EPSS 0.76%
  • Veröffentlicht 24.07.2025 15:11:06
  • Zuletzt bearbeitet 03.11.2025 20:19:05

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An...

6.1

CVE-2025-53084

Exploit
  • EPSS 0.7%
  • Veröffentlicht 24.07.2025 15:11:04
  • Zuletzt bearbeitet 03.11.2025 20:19:13

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us...

6.1

CVE-2025-50128

Exploit
  • EPSS 0.76%
  • Veröffentlicht 24.07.2025 15:11:03
  • Zuletzt bearbeitet 03.11.2025 20:19:12

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker ca...

9.6

CVE-2025-36548

Exploit
  • EPSS 1%
  • Veröffentlicht 24.07.2025 15:11:01
  • Zuletzt bearbeitet 03.11.2025 20:18:30

A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An at...

9.6

CVE-2025-41420

Exploit
  • EPSS 1.12%
  • Veröffentlicht 24.07.2025 15:11:00
  • Zuletzt bearbeitet 03.11.2025 20:18:48

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get ...

7.5

CVE-2025-25214

Exploit
  • EPSS 0.97%
  • Veröffentlicht 24.07.2025 15:10:58
  • Zuletzt bearbeitet 03.11.2025 20:17:57

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

9.8

CVE-2025-48732

Exploit
  • EPSS 1.09%
  • Veröffentlicht 24.07.2025 15:10:56
  • Zuletzt bearbeitet 03.11.2025 20:19:07

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

5.4

CVE-2024-34899

Exploit
  • EPSS 0.46%
  • Veröffentlicht 14.05.2024 15:39:37
  • Zuletzt bearbeitet 18.06.2025 17:41:45

WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).

9.8

CVE-2024-31819

Exploit
  • EPSS 15.64%
  • Veröffentlicht 10.04.2024 20:15:08
  • Zuletzt bearbeitet 17.06.2025 20:56:26

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.