AVideo Open Redirect Vulnerability in User Registration

Vulnerability

An open redirect vulnerability has been identified in AVideo versions prior to 20.0. This vulnerability arises from inadequate validation of the siteRedirectUri parameter during user registration, allowing attackers to redirect users to external sites and potentially facilitate phishing attacks.

Impact

Exploitation of this vulnerability allows for open redirection, where users can be sent to untrusted sites, increasing the risk of phishing attacks.

Reproduction

To reproduce this vulnerability, register a new user account and include a malicious URL in the siteRedirectUri parameter. The application will redirect the user to the specified URL, bypassing security measures.

Remediation

Users can upgrade to AVideo version 20.0 or later, where this vulnerability has been addressed.
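
For teams reviewing how their own code handles a redirect parameter such as siteRedirectUri, the following is an added example of same-origin validation; it is not AVideo's code or its 20.0 fix. The function name, its parameters, and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Function and parameter names are hypothetical, not AVideo's.
// Returns $candidate only when it stays on the site's own origin.
function safeRedirectTarget(string $candidate, string $siteBase, string $fallback = '/'): string
{
    $candidate = trim($candidate);

    // Reject empty input, control characters and backslashes. Browsers treat
    // "\" like "/", so "/\host" can resolve as a protocol-relative URL.
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) === 1) {
        return $fallback;
    }

    // Site-relative path: one leading slash only ("//host" leaves the site).
    if ($candidate[0] === '/') {
        return strncmp($candidate, '//', 2) === 0 ? $fallback : $candidate;
    }

    // Anything else must be an absolute http(s) URL on the same origin.
    $base = parse_url($siteBase);
    $url  = parse_url($candidate);
    if (!is_array($base) || !is_array($url)
        || !isset($base['scheme'], $base['host'], $url['scheme'], $url['host'])) {
        return $fallback;
    }
    $sameOrigin = in_array(strtolower($url['scheme']), ['http', 'https'], true)
        && strcasecmp($url['scheme'], $base['scheme']) === 0
        && strcasecmp($url['host'], $base['host']) === 0
        && ($url['port'] ?? null) === ($base['port'] ?? null)
        && !isset($url['user']) && !isset($url['pass']); // no userinfo before "@"

    return $sameOrigin ? $candidate : $fallback;
}

// Constructed sample values for the redirect parameter.
$site = 'https://video.example';
foreach ([
    '/user/profile',
    'https://video.example/channel/1',
    'https://other.example/login',
    '//other.example/login',
    'https://video.example@other.example/',
] as $value) {
    printf("%-40s => %s\n", $value, safeRedirectTarget($value, $site));
}
```

Only the first two sample values are returned unchanged; the others fall back to "/".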

Added: Dec 17, 2025, 8:27 PM
Updated: Dec 17, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.