Vulnerabilities > Wwbn > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-25 | CVE-2023-25314 | Cross-site Scripting vulnerability in Wwbn Avideo Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | 6.1 |
| 2022-04-05 | CVE-2022-27462 | Cross-site Scripting vulnerability in Wwbn Avideo 10.1/10.2/8.9 Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | 4.3 |
| 2022-04-05 | CVE-2022-27463 | Open Redirect vulnerability in Wwbn Avideo 10.1/10.2/8.9 Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. | 5.8 |
| 2021-02-01 | CVE-2021-21286 | Incorrect Authorization vulnerability in Wwbn Avideo 10.1/8.9 AVideo Platform is an open-source Audio and Video platform. | 6.5 |
| 2020-11-16 | CVE-2020-23490 | Information Exposure vulnerability in Wwbn Avideo There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. | 5.0 |
| 2020-11-16 | CVE-2020-23489 | Improper Privilege Management vulnerability in Wwbn Avideo The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. | 6.5 |