Cross-Site Scripting Vulnerability in WWBN AVideo Product
CVE-2022-28712

9CRITICAL

Key Information:

Vendor

Wwbn

Status
Avideo
Vendor
CVE Published:
22 August 2022

What is CVE-2022-28712?

A cross-site scripting vulnerability has been identified in the videoAddNew functionality of WWBN AVideo version 11.6 and the development master branch. This vulnerability allows an attacker to exploit a specially-crafted HTTP request, leading to arbitrary JavaScript execution in the context of an authenticated user. By successfully tricking a user into sending this malicious request, an attacker could potentially execute harmful scripts, thus compromising user sessions and sensitive data. It's crucial for users of affected AVideo versions to implement security measures and updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AVideo 11.6

AVideo dev master commit 3f7c0364

References

https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a...
x_refsource_CONFIRM
https://talosintelligence.com/vulnerability_reports/TALOS...
x_refsource_MISC

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.