CVE-2022-28712 — Cross-site Scripting in Avideo
Severity
9.0CRITICALNVD
EPSS
3.5%
top 12.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateAug 23
Description
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0
Affected Packages2 packages
🔴Vulnerability Details
1GHSA▶
GHSA-xfqf-929q-6w4c: A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11↗2022-08-23