Primary

Context

WWBN AVideo Cross-Site Scripting Vulnerability in PlaylistOwnerUsersId Parameter

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in WWBN AVideo versions 14.4 and the development master commit 8a8954ff. The issue arises in the managerPlaylists functionality, specifically within the PlaylistOwnerUsersId parameter. This vulnerability allows for arbitrary execution of JavaScript through a specially crafted HTTP request. An attacker could exploit this by tricking a user into visiting a webpage that triggers the XSS attack.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious JavaScript in the context of the user's browser. This could lead to compromising user accounts, particularly those of administrators.

Remediation

Users are advised to update to the patched version released by the vendor.

Added: Jul 24, 2025, 5:40 PM

Updated: Jul 24, 2025, 5:40 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

7.9

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

7.9

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WWBN AVideo Cross-Site Scripting Vulnerability in PlaylistOwnerUsersId Parameter

Vulnerability

Impact

Remediation

Affected Products

WWBN AVideo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating