Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-32770Cross-site Scripting in Avideo

CWE-79Cross-site Scripting7 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
14.4%
top 5.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Wwbn Avideo
Timeline
PublishedAug 22
Latest updateJun 22

Description

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "toast" parameter which is inserted into the document with insufficient sanitization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5wwbn/avideodev master commit 3f7c0364
NVDwwbn/avideo11.6

🔴Vulnerability Details

1
GHSA
GHSA-7vp2-4576-rw5v: A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 112022-08-23

💥Exploits & PoCs

1
Nuclei
WWBN AVideo 11.6 - Cross-Site Scripting

🕵️Threat Intelligence

3
Talos
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass2022-08-16
Talos
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass2022-08-16
Greynoiseio
NoiseLetter September 2025

💬Community

1
HackerOne
Reflected Cross-Site Scripting(CVE-2022-32770 )2023-06-22