Proochicken

**Name of the Vulnerable Software and Affected Versions** AVideo versions 29.0 and earlier **Description** AVideo stores category descriptions from user input and renders the `category description` variable as raw HTML in the Gallery view. A user with permissions to create or edit categories can inject JavaScript into the `description` field, which then executes when another user or administrator views the affected Gallery or category page. This stored Cross-Site Scripting (XSS) occurs because the value is rendered without proper output encoding or sanitization in the `plugin/Gallery/view/mainAreaCategory.php` file. An attacker can use this to perform actions as the victim, steal same-origin data, or abuse administrative UI actions. **Recommendations** For versions 29.0 and earlier, sanitize category descriptions on input using the same HTML policy as video descriptions or store them as plain text. Additionally, encode the output using `htmlspecialchars()` or process the description through HTMLPurifier before storage or rendering.

**Name of the Vulnerable Software and Affected Versions** AVideo versions 29.0 and earlier **Description** An issue exists in the 'plugin/AuthorizeNet/processPayment.json.php' endpoint that allows any logged-in user to add arbitrary funds to their own wallet when the AuthorizeNet and YPTWallet plugins are enabled. The endpoint credits the user's wallet based solely on the attacker-controlled `amount` POST parameter without validating any Authorize.Net transaction, webhook signature, hosted payment token, nonce, or server-side payment record. This occurs because the endpoint hardcodes the `$paymentSuccess` variable to true and calls the `addBalance()` function of the YPTWallet plugin without performing actual payment verification. **Recommendations** For versions 29.0 and earlier, remove or disable the 'plugin/AuthorizeNet/processPayment.json.php' file if it is obsolete. Implement a verified Authorize.Net transaction ID and server-side amount lookup before calling the `addBalance()` function. As a temporary mitigation, disable the AuthorizeNet or YPTWallet plugins to prevent unauthorized wallet credits.