Filtered by vendor Wwbn
Subscriptions
Filtered by product Avideo
Subscriptions
Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53084 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9 Critical |
| A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-50128 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-48732 | 1 Wwbn | 1 Avideo | 2025-11-03 | 7.3 High |
| An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability. | ||||
| CVE-2025-46410 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-41420 | 1 Wwbn | 1 Avideo | 2025-11-03 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-36548 | 1 Wwbn | 1 Avideo | 2025-11-03 | 8.3 High |
| A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2025-25214 | 1 Wwbn | 1 Avideo | 2025-11-03 | 8.8 High |
| A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution. | ||||
| CVE-2024-34899 | 1 Wwbn | 1 Avideo | 2025-06-18 | 5.4 Medium |
| WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | 9.8 Critical |
| An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | ||||
| CVE-2022-26842 | 1 Wwbn | 1 Avideo | 2025-04-15 | 9.6 Critical |
| A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2022-28710 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-28712 | 1 Wwbn | 1 Avideo | 2025-04-15 | 9.0 Critical |
| A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2022-29468 | 1 Wwbn | 1 Avideo | 2025-04-15 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2022-30534 | 1 Wwbn | 1 Avideo | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-30547 | 1 Wwbn | 1 Avideo | 2025-04-15 | 9.9 Critical |
| A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-30605 | 1 Wwbn | 1 Avideo | 2025-04-15 | 8.8 High |
| A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2022-30690 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.1 Medium |
| A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2022-32282 | 1 Wwbn | 1 Avideo | 2025-04-15 | 8.8 High |
| An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges. | ||||
| CVE-2022-32572 | 1 Wwbn | 1 Avideo | 2025-04-15 | 8.8 High |
| An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-32761 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||