PT-2022-19188 · Wwbn · Avideo

Claudio Bozzato · Published 2022-08-22 · Updated 2022-08-26 · CVE-2022-28712

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364

Description: A cross-site scripting issue exists in the videoAddNew functionality, allowing arbitrary JavaScript execution through a specially crafted HTTP request. This can be triggered by getting an authenticated user to send the crafted request.

Recommendations: For WWBN AVideo version 11.6, update to a version that fixes this issue. For WWBN AVideo dev master commit 3f7c0364, update to a commit that includes the fix for this issue. As a temporary workaround, consider restricting access to the videoAddNew functionality until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-28712

Affected Products: Avideo