Vulnerabilities > Wwbn > Avideo > 11.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-27462 | Cross-site Scripting vulnerability in Wwbn Avideo Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | 6.1 |
| 2022-04-05 | CVE-2022-27463 | Open Redirect vulnerability in Wwbn Avideo Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. | 6.1 |