Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-48728 — Cross-site Scripting in Avideo

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

6.1MEDIUMNVD

VulnCheck9.6

EPSS

17.4%

top 4.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wwbn Avideo

Timeline

PublishedJan 10

Latest updateJan 17

Description

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wwbn/avideodev master commit 3c6bb3ff

▶NVDwwbn/avideo11.6, 3c6bb3ff+1

🔴Vulnerability Details

GHSA

GHSA-wv3w-qq6q-g9j3: A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11↗2024-01-10

▶

VulnCheck

wwbn avideo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2023

▶

💥Exploits & PoCs

Nuclei

WWBN AVideo 11.6 - Cross-Site Scripting

▶

🕵️Threat Intelligence

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶

Greynoiseio

NoiseLetter October 2025↗

▶