CVE-2023-48728
published 2024-01-10CVE-2023-48728: A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A…
PriorityP278medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
2.27%
80.9th percentile
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wwbn | avideo | — | — |
| wwbn | avideo | — | — |
| wwbn | avideo | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to /objects/functiongetOpenGraph.php with a crafted videoName parameter containing XSS payload (e.g. --> or script injection) ↗
- →Response body contains both the injected payload string 'alert(document.domain)' and the string 'OpenGraph no video' when exploitation is attempted ↗
- →HTTP response status code is 200 or 500 and Content-Type header contains text/html for the vulnerable endpoint ↗
- →Shodan query 'html:"AVideo"' can be used to identify exposed AVideo instances potentially vulnerable to this CVE ↗
- ·Vulnerability affects WWBN AVideo version 11.6 and dev master commit 3c6bb3ff specifically; other versions may not be vulnerable ↗
- ·This is a reflected (not stored) XSS; exploitation requires a user to visit a specially crafted URL, limiting automated detection to network/proxy inspection of outbound requests ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck9.6CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wv3w-qq6q-g9j3: A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11
ghsa_unreviewed·2024-01-10
CVE-2023-48728 [CRITICAL] CWE-79 GHSA-wv3w-qq6q-g9j3: A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
VulnCheck
wwbn avideo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2023·CVSS 9.6
CVE-2023-48728 [CRITICAL] wwbn avideo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
wwbn avideo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Affected: wwbn avideo
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2023-48728
No detection rules found.
Nuclei
WWBN AVideo 11.6 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-48728 [MEDIUM] WWBN AVideo 11.6 - Cross-Site Scripting
WWBN AVideo 11.6 - Cross-Site Scripting
A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution.
Template:
id: CVE-2023-48728
info:
name: WWBN AVideo 11.6 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution.
impact: |
Successful exploitation could lead to unauthorized access to sensitive information or account takeover.
remediation: |
Sanitize and validate user input to prevent XSS attacks.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
blogs_talos·2024-01-17·CVSS 9.1
[CRITICAL] Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
## Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager.
Cisco ASIG also recently discovered an information disclosure vulnerability in DuoUniversalKeycloakAuthenticator, an authentication solution for Keycloak, an open-source identity and access management solution.
There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adh
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
blogs_talos·2024-01-17·CVSS 9.1
[CRITICAL] Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager.
Cisco ASIG also recently discovered an information disclosure vulnerability in DuoUniversalKeycloakAuthenticator, an authentication solution for Keycloak, an open-source identity and access management solution.
There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilit
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2024-01-10
Published
Exploited in the wild