Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36548 | 1 Wwbn | 1 Avideo | 2025-08-07 | N/A | 8.3 HIGH |
| A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-41420 | 1 Wwbn | 1 Avideo | 2025-08-07 | N/A | 9.6 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-53084 | 1 Wwbn | 1 Avideo | 2025-07-29 | N/A | 9.0 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-50128 | 1 Wwbn | 1 Avideo | 2025-07-29 | N/A | 9.6 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-48732 | 1 Wwbn | 1 Avideo | 2025-07-29 | N/A | 7.3 HIGH |
| An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability. | |||||
| CVE-2025-46410 | 1 Wwbn | 1 Avideo | 2025-07-29 | N/A | 9.6 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-25214 | 1 Wwbn | 1 Avideo | 2025-07-28 | N/A | 8.8 HIGH |
| A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution. | |||||
| CVE-2024-34899 | 1 Wwbn | 1 Avideo | 2025-06-18 | N/A | 5.4 MEDIUM |
| WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | |||||
| CVE-2023-25314 | 1 Wwbn | 1 Avideo | 2025-02-04 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | |||||
| CVE-2023-25313 | 1 Wwbn | 1 Avideo | 2025-02-03 | N/A | 9.8 CRITICAL |
| OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | |||||
| CVE-2023-50172 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 5.3 MEDIUM |
| A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user. | |||||
| CVE-2023-49864 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_image` parameter. | |||||
| CVE-2023-49863 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_webpimage` parameter. | |||||
| CVE-2023-49862 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter. | |||||
| CVE-2023-49810 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 7.3 HIGH |
| A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-49738 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | |||||
| CVE-2023-49715 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 4.3 MEDIUM |
| A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-49599 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.8 CRITICAL |
| An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user. | |||||
| CVE-2023-49589 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
| An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. | |||||