Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wwbn avideo - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-47861
A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to tri...
Wwbn Avideo 11.6
Wwbn Avideo 15fed957fb
6.5
CVSSv3
CVE-2023-47171
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.
Wwbn Avideo 11.6
Wwbn Avideo 15fed957fb
6.1
CVSSv3
CVE-2023-48728
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to ...
Wwbn Avideo 11.6
Wwbn Avideo 3c6bb3ff
8.8
CVSSv3
CVE-2020-23489
The import.json.php file prior to 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.
Wwbn Avideo
1 Github repository
8.8
CVSSv3
CVE-2023-32073
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects ...
Wwbn Avideo
6.1
CVSSv3
CVE-2022-27462
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo up to and including 11.6, via the yptDevice parameter to view/include/head.php.
Wwbn Avideo
6.1
CVSSv3
CVE-2022-27463
Open redirect vulnerability in objects/login.json.php in WWBN AVideo up to and including 11.6, allows malicious users to arbitrarily redirect users from a crafted url to the login page.
Wwbn Avideo
9.8
CVSSv3
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version prior to 12.4, allows malicious users to execute arbitrary code via the video link field to the Embed a video link feature.
Wwbn Avideo
8.8
CVSSv3
CVE-2021-21286
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All querie...
Wwbn Avideo
8.8
CVSSv3
CVE-2023-30854
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows malicious users to achieve Remote Code Execution. This issue is fixed in version 12.4.
Wwbn Avideo
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »