https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm
CVE-2023-30860

8 HIGH

Key Information:

Vendor: Wwbn

Status
Vendor
CVE Published: 8 May 2023

What is CVE-2023-30860?

AVideo, an open source video platform, has a stored Cross-Site Scripting (XSS) vulnerability in the feature that lets users schedule meetings. Prior to version 12.4, input supplied when creating a Meeting Room was not sufficiently sanitized, so a malicious user could inject scripts that execute within the context of other users' sessions. This makes it possible for attackers to hijack cookies, leading to unauthorized access to and control over user accounts, including those of administrators. Version 12.4 includes the patches that remediate this issue.

Affected Version(s)

AVideo = WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account

References

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
