Vulnerabilities > Wwbn
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-49862 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49863 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49864 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo Devmastercommit15Fed957Fb An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-50172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wwbn Avideo 15Fed957Fb A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. | 5.3 |
| 2023-05-12 | CVE-2023-32073 | Command Injection vulnerability in Wwbn Avideo WWBN AVideo is an open source video platform. | 8.8 |
| 2023-05-08 | CVE-2023-30860 | Cross-site Scripting vulnerability in Wwbn Avideo WWBN AVideo is an open source video platform. | 5.4 |
| 2023-04-28 | CVE-2023-30854 | OS Command Injection vulnerability in Wwbn Avideo AVideo is an open source video platform. | 8.8 |
| 2023-04-25 | CVE-2023-25313 | OS Command Injection vulnerability in Wwbn Avideo OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | 9.8 |
| 2023-04-25 | CVE-2023-25314 | Cross-site Scripting vulnerability in Wwbn Avideo Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | 6.1 |
| 2022-08-22 | CVE-2022-26842 | Cross-site Scripting vulnerability in Wwbn Avideo 11.6 A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 9.6 |