Name of the Vulnerable Software and Affected Versions AVideo (affected versions not specified)

Description The issue is related to a parameter success that does not properly sanitize symbol characters, leading to a potential XSS attack. This could allow an attacker to take over an admin's account, given the presence of an admin account on the demo site. The attack can be executed by manipulating the success parameter in a specific URL, such as "/user?success=">.

Recommendations As a temporary workaround, consider restricting access to the success parameter in the affected URL to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.