Primary

Context

AVideo Open Redirect Vulnerability

Vulnerability

Patched

A open redirect vulnerability has been identified in AVideo versions prior to 20.0. This issue arises from inadequate validation of the cancelUri parameter during user login, allowing attackers to redirect users to arbitrary external sites and potentially facilitate phishing attacks.

Impact

Exploitation of this vulnerability could lead to open redirect, allowing for phishing attacks by redirecting users to malicious sites.

Remediation

Users can upgrade to AVideo version 20.0 or later, which includes a patch for this vulnerability. The update can be applied by following the instructions in the AVideo release notes.

Added: Dec 17, 2025, 8:28 PM

Updated: Dec 17, 2025, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.8

exploitability

7.2

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.8

exploitability

7.2

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AVideo Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WWBN AVideo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating