PT-2024-13523 · Wwbn · Avideo

Claudio Bozzato · Published 2024-01-10 · Updated 2024-01-17 · CVE-2023-47861

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WWBN AVideo version 11.6
WWBN AVideo dev master commit 15fed957fb

Description

A cross-site scripting (XSS) issue exists in the channelBody.php user name functionality. This allows arbitrary JavaScript execution through a specially crafted HTTP request. An attacker can trigger this issue by getting a user to visit a malicious webpage.

Recommendations

For WWBN AVideo version 11.6, update to a version that fixes this issue. For WWBN AVideo dev master commit 15fed957fb, avoid using the vulnerable channelBody.php user name functionality until a patch is available. As a temporary workaround, consider restricting access to the channelBody.php file to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-47861

Affected Products

Avideo