
We found results for “”
CVE-2023-48728
Good to know:

Date: January 10, 2024
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version wwbn/avideo - dev-dependabot/composer/aws/aws-sdk-php-3.261.4;wwbn/avideo - dev-akhilleusuggo-patch-11;wwbn/avideo - 14.3;wwbn/avideo - dev-akhilleusuggo-patch-12;wwbn/avideo - dev-dependabot/composer/stripe/stripe-php-10.12.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |