CVE-2023-48730 — Cross-site Scripting in Avideo

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 35.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wwbn Avideo

Timeline

PublishedJan 10

Latest updateJan 17

Description

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wwbn/avideodev master commit 15fed957fb

▶NVDwwbn/avideo15fed957fb

🔴Vulnerability Details

GHSA

GHSA-v6qj-8w6x-qqf5: A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo↗2024-01-10

▶

🕵️Threat Intelligence

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶