Stored XSS Vulnerability in AVideo by WWBN
CVE-2026-47694

5.4 MEDIUM

Key Information:

Vendor: WWBN

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-47694?

AVideo, an open source video platform developed by WWBN, contains a vulnerability in which user input for category descriptions is stored and later rendered as raw HTML in the Gallery view. Users with permission to create or edit categories can inject malicious JavaScript into a description, and that script executes in the browser of any user who views the affected category page. This is a stored XSS vulnerability, and it is separate from prior XSS issues in video titles or comments.

Affected Version(s)

AVideo <= 29.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
