PT-2022-21454 · Wwbn · Avideo
Claudio Bozzato
·
Published
2022-08-22
·
Updated
2022-08-24
·
CVE-2022-32772
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WWBN AVideo versions 11.6 and dev master commit 3f7c0364
Description
A cross-site scripting vulnerability exists in the footer alerts functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution in the victim's browser. An attacker can exploit this by getting an authenticated user to send a crafted HTTP request. The issue arises from the msg parameter, which is inserted into the document with insufficient sanitization.
Recommendations
Both WWBN AVideo 11.6 and dev master commit 3f7c0364 are affected, so the same workaround applies to either: until a fixed build is deployed, disable the footer alerts functionality, or make sure the msg parameter cannot be reached through it. Avoid passing user-controlled values through msg in the affected functionality until the issue is resolved. The underlying fix is output encoding rather than input filtering: the msg value has to be encoded for the context in which it is written into the document (HTML-encoded in markup, serialised as a JavaScript string literal inside a script block).
Fix
XSS
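The pattern behind this class of bug, as an added example that is not AVideo's own code: a footer-alert renderer that concatenates the msg value into the page, beside two hardened versions, one for an HTML context and one for an inline-script context. The function names, the markup and the showFooterAlert() JavaScript helper are assumptions made for the illustration; only the shape of the defect comes from the advisory.

```php
<?php
// Added illustration, not WWBN AVideo's own code. The function names, the
// markup and the showFooterAlert() JavaScript helper are assumptions; only
// the shape of the defect (a request parameter written into the page
// without encoding) comes from the advisory.

// Vulnerable pattern: the raw msg value is concatenated into the markup, so
// a value such as <img src=x onerror=...> becomes live HTML.
function renderFooterAlertVulnerable(string $msg): string
{
    return '<div class="alert alert-info">' . $msg . '</div>';
}

// Hardened pattern for an HTML body or attribute context. ENT_QUOTES encodes
// both quote characters so the result is also safe inside a quoted
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an
// empty string, which would otherwise silently drop the alert.
function renderFooterAlertHtml(string $msg): string
{
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="alert alert-info">' . $encoded . '</div>';
}

// Hardened pattern when the message is handed to inline JavaScript instead.
// HTML encoding is the wrong tool here: the value is emitted as a JSON string
// literal, and the JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes
// so the payload can neither close the <script> element nor break out of the
// string. json_encode() escapes U+2028/U+2029 by default as well.
function renderFooterAlertScript(string $msg): string
{
    $literal = json_encode(
        $msg,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    return '<script>showFooterAlert(' . $literal . ');</script>';
}

// Returns true when the rendered output still contains an unencoded tag,
// i.e. when the probe would execute in a browser.
function reflectsRawTag(string $html): bool
{
    return strpos($html, '<img') !== false;
}

// Constructed probe; in the real flow this would come from $_GET['msg'].
$probe = '"><img src=x onerror=alert(document.domain)>';

foreach ([
    'vulnerable' => renderFooterAlertVulnerable($probe),
    'html'       => renderFooterAlertHtml($probe),
    'script'     => renderFooterAlertScript($probe),
] as $label => $output) {
    printf("%-10s reflects raw tag: %s\n    %s\n",
        $label, reflectsRawTag($output) ? 'yes' : 'no', $output);
}
```

Run it with the php CLI; only the vulnerable renderer reports that the probe still contains a raw tag. The context-specific encoding is the point: HTML encoding is correct in markup but not inside a script string, where the value must be serialised as a JavaScript string literal instead, and a single generic "sanitize" step cannot cover both contexts.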
Affected Products
Avideo