PT-2022-21452 · Wwbn · Avideo

Claudio Bozzato · Published 2022-08-22 · Updated 2023-06-30 · CVE-2022-32770

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

WWBN AVideo versions 11.6 and dev master commit 3f7c0364

Description

A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality. This issue allows arbitrary JavaScript execution through a specially crafted HTTP request. An attacker can exploit this by getting an authenticated user to send a crafted HTTP request. The vulnerability arises from the toast parameter, which is inserted into the document with insufficient sanitization.

Recommendations

For WWBN AVideo version 11.6, consider disabling the footer alerts functionality until a patch is available. For WWBN AVideo dev master commit 3f7c0364, restrict the use of the toast parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the toast parameter in the affected functionality until the issue is resolved.
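The pattern behind this class of bug, as an added example that is not AVideo's code: a query parameter named toast is read from the request and placed into the footer alert markup. The unsafe variant interpolates the raw value into HTML; the hardened variant HTML-encodes it first (or, in a live page, assigns it with textContent so the browser never parses it as markup). Function names, the sample URL and the sample message are all constructed for this illustration.

```javascript
// Added example, not part of the advisory or the AVideo project.
// Assumes the footer alert text arrives as a query parameter named "toast".

// Extract the toast parameter from a request URL (base is a placeholder
// only so that relative paths parse).
function readToastParam(requestUrl) {
  const url = new URL(requestUrl, "https://example.invalid");
  return url.searchParams.get("toast") || "";
}

// Vulnerable pattern: the parameter value is dropped straight into markup,
// so any tags it carries are parsed by the browser.
function buildToastMarkupUnsafe(message) {
  return `<div class="toast">${message}</div>`;
}

// Minimal HTML entity encoding for text placed inside an element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: the value is encoded before it is interpolated, so it
// renders as literal text.
function buildToastMarkupSafe(message) {
  return `<div class="toast">${escapeHtml(message)}</div>`;
}

// Browser-side equivalent when the alert is created by client script:
// textContent assigns a string as text, never as markup.
function renderToast(containerEl, message) {
  const div = containerEl.ownerDocument.createElement("div");
  div.className = "toast";
  div.textContent = message;
  containerEl.appendChild(div);
  return div;
}

// Constructed sample request: the toast value carries markup.
const SAMPLE_URL = "/index.php?toast=" + encodeURIComponent("<b>unexpected markup</b>");

const sampleMessage = readToastParam(SAMPLE_URL);
console.log("unsafe:", buildToastMarkupUnsafe(sampleMessage));
console.log("safe:  ", buildToastMarkupSafe(sampleMessage));
```

In a PHP template the server-side equivalent of escapeHtml is htmlspecialchars on the value at the point of output; the important property in either case is that encoding happens for the exact context (element body here) the value lands in.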

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-32770

Affected Products

Avideo