World Wide Broadcast Network · AVideo · CVE-2023-25313
**Name of the Vulnerable Software and Affected Versions**
World Wide Broadcast Network AVideo versions prior to 12.4
**Description**
The issue allows attackers to execute arbitrary code via the video link field of the "Embed a video link" feature. An attacker can achieve remote code execution on a system running wwbn/avideo by appending a command to the URL as a query string (for example, `?whoami`) and then clicking Save. The feature is reached from the `My Videos` tab by clicking "Embed a video link"; the malicious query string is appended to the link entered there.
**Recommendations**
For versions prior to 12.4, update to version 12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Embed a video link" feature in the `My Videos` tab until the update is applied. Avoid using the video link field to execute arbitrary commands until the issue is resolved.
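For triage on an instance that ran a version prior to 12.4, the following added example (not AVideo code) reviews a list of saved embed links for the shape given in the Description: a query string that carries a bare token such as `?whoami` rather than `key=value` parameters. The function names, the metacharacter set and the sample links are assumptions constructed for illustration; how the links are exported from the instance is left to the operator.

```python
"""Triage helper: flag saved embed links that match the shape in the advisory."""
from urllib.parse import urlsplit, unquote

# Assumption: characters that have shell meaning and no place inside a single
# query parameter of an embed link. '&' is the query separator, handled by split.
SHELL_META = set(";|`$(){}<>\\\n\r")


def review_embed_link(link: str) -> list[str]:
    """Return the reasons a link needs manual review (empty list = nothing found)."""
    reasons = []
    parts = urlsplit(link.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        reasons.append("not an absolute http(s) URL")
    for param in (parts.query.split("&") if parts.query else []):
        decoded = unquote(param)  # inspect the value after percent-decoding
        if "=" not in param:
            # The advisory's example, ?whoami, is exactly this: a token with no key=value
            reasons.append(f"bare query token {decoded!r} (no key=value)")
        if SHELL_META & set(decoded):
            reasons.append(f"shell metacharacter in {decoded!r}")
    return reasons


def audit(links):
    """Map each flagged link to its reasons; clean links are omitted."""
    return {link: r for link in links if (r := review_embed_link(link))}


# Constructed sample data (video.example is a placeholder host).
SAMPLE_LINKS = [
    "https://video.example/embed/abc123",
    "https://video.example/watch?v=abc123&t=30",
    "https://video.example/embed/abc123?whoami",
    "https://video.example/embed/abc123?t=30&whoami",
    "https://video.example/embed/abc123?v=abc%3Bxyz",
]

if __name__ == "__main__":
    for link, why in audit(SAMPLE_LINKS).items():
        print(link, "->", "; ".join(why))
```

This is a heuristic: some legitimate links use valueless query flags, so a hit is a prompt for manual review, not proof of exploitation.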