N/A

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WWBN AVideo 跨站脚本漏洞

WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 14.4版本存在跨站脚本漏洞，该漏洞源于userLogin cancelUri参数可能导致跨站脚本攻击。

N/A

N/A