Vulnerabilities > Wwbn > Avideo > 10.1

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-32073 Command Injection vulnerability in Wwbn Avideo
WWBN AVideo is an open source video platform.
network
low complexity
wwbn CWE-77
8.8
2023-05-08 CVE-2023-30860 Cross-site Scripting vulnerability in Wwbn Avideo
WWBN AVideo is an open source video platform.
network
low complexity
wwbn CWE-79
5.4
2023-04-28 CVE-2023-30854 OS Command Injection vulnerability in Wwbn Avideo
AVideo is an open source video platform.
network
low complexity
wwbn CWE-78
8.8
2023-04-25 CVE-2023-25313 OS Command Injection vulnerability in Wwbn Avideo
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.
network
low complexity
wwbn CWE-78
critical
9.8
2023-04-25 CVE-2023-25314 Cross-site Scripting vulnerability in Wwbn Avideo
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.
network
low complexity
wwbn CWE-79
6.1
2022-04-05 CVE-2022-27462 Cross-site Scripting vulnerability in Wwbn Avideo 10.1/10.2/8.9
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.
network
wwbn CWE-79
4.3
2022-04-05 CVE-2022-27463 Open Redirect vulnerability in Wwbn Avideo 10.1/10.2/8.9
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.
network
wwbn CWE-601
5.8
2021-02-01 CVE-2021-21286 Incorrect Authorization vulnerability in Wwbn Avideo 10.1/8.9
AVideo Platform is an open-source Audio and Video platform.
network
low complexity
wwbn CWE-863
6.5