N/A

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WWBN AVideo 跨站脚本漏洞

WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 存在跨站脚本漏洞，该漏洞源于 functiongetOpenGraph videoName 方法存在跨站脚本（xss）漏洞。

N/A

N/A