CVE-2025-50128
published 2025-07-24CVE-2025-50128: A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff…
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.76%
50.8th percentile
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_kernel_6.6.57.1-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.64.2-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.167.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.173.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| wwbn | avideo | — | — |
| wwbn | avideo | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_msrc7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rh7r-mcgw-hv69: A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14
ghsa_unreviewed·2025-07-24
CVE-2025-50128 [CRITICAL] CWE-79 GHSA-rh7r-mcgw-hv69: A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Microsoft
net: wwan: fix global oob in wwan_rtnl_policy
vendor_msrc·2024-11-12·CVSS 7.1
CVE-2024-50128 [HIGH] CWE-125 net: wwan: fix global oob in wwan_rtnl_policy
net: wwan: fix global oob in wwan_rtnl_policy
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
No detection rules found.
No public exploits indexed.
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
## WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy .
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetizat
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetization features.
Talos found five cross-site scri
2025-07-24
Published