CVE-2022-26842

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 11.6 and dev master commit 3f7c0364

Description A reflected cross-site scripting issue exists in the charts tab selection functionality. This can be triggered by a specially-crafted HTTP request, leading to arbitrary Javascript execution. An attacker can exploit this by getting an authenticated user to send a crafted HTTP request.

Recommendations For WWBN AVideo version 11.6, update to a version that fixes this issue. For WWBN AVideo dev master commit 3f7c0364, apply the necessary patch or commit changes to resolve the reflected cross-site scripting issue in the charts tab selection functionality.