CVE-2024-34899 — Cross-site Scripting in Avideo

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 74.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 14

Latest updateMay 20

Description

WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶Packagistwwbn/avideo< 14.3

▶NVDwwbn/avideo10.4 — 12.4

OSV

AVideo cross-site scripting vulnerability in the view/about.php page↗2024-05-20

▶

GHSA

AVideo cross-site scripting vulnerability in the view/about.php page↗2024-05-20

▶