Vulnerability Database

324,829

Total vulnerabilities in the database

Cross site scripting (XSS) in wwbn/avideo

Description:

While making an account in demo.avideo.com I found a parameter "?success=" which did not sanitize any symbol character properly which leads to XSS attack.

Impact:

Since there's an Admin account on demo.avideo.com attacker can use this attack to Takeover the admin's account

Step to Reproduce:

Click the link below

https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>

Then XSS will be executed

Published: Apr 26, 2023
Updated: Apr 27, 2023
GHSA: GHSA-2fch-hv74-fgw9
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
wwbn / avideo	-	12.4

https://github.com/WWBN/AVideo/security/advisories/GHSA-2fch-hv74-fgw9

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo