PT-2024-26240 · Wwbn · Avideo

Published 2024-05-13 · Updated 2025-06-18 · CVE-2024-34899

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 12.4
Description: The issue is a reflected Cross-Site Scripting (XSS) caused by the missing output encoding of the HTTP_USER_AGENT request header. In the view/about.php file, the application reads the user agent from the request headers through $_SERVER['HTTP_USER_AGENT'] and echoes it into the page without any encoding, so an attacker can place HTML and script in that header and have it injected into the output of the page. Because the value reflected is the one supplied by the requesting client, the injected script executes in the browser of the client that sent the crafted request; the attack therefore requires user interaction (UI:R in the vector above), for example a victim whose request carries an attacker-controlled User-Agent.
Recommendations: For WWBN AVideo version 12.4, encode the HTTP_USER_AGENT value for the HTML context in which it is output in view/about.php (for example with htmlspecialchars() using ENT_QUOTES and an explicit UTF-8 charset) before echoing it, rather than trying to sanitize the header on input. As a temporary workaround, do not output the user agent information on the about page at all, which removes the injection point.
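The sink described above, as an added example that is not AVideo's own code: the vulnerable reflection of $_SERVER['HTTP_USER_AGENT'] beside a version that encodes the value for an HTML text context. Function names and the sample header value are assumed for illustration and do not come from view/about.php.

```php
<?php
// Added example, not code from AVideo. Demonstrates the pattern reported for
// view/about.php: a request header reflected into HTML, and the encoded fix.
// Function names and the sample payload are constructed for illustration.

declare(strict_types=1);

// Vulnerable shape: the raw header value is concatenated into markup, so
// any '<', '>' or quote characters in the header become part of the page.
function renderAgentUnsafe(string $userAgent): string
{
    return '<p>Your browser: ' . $userAgent . '</p>';
}

// Output encoding for an HTML text context. ENT_QUOTES also encodes ' and "
// so the same helper is safe inside attribute values; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of silently returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened shape: encode immediately before output, in the output context.
function renderAgentSafe(string $userAgent): string
{
    return '<p>Your browser: ' . escapeHtml($userAgent) . '</p>';
}

// Constructed request header carrying a script tag (attacker-controlled).
$crafted = 'Mozilla/5.0 <script>alert(document.domain)</script>';

// Under a web server the header arrives in $_SERVER; when run from the CLI
// it is absent, so the constructed payload is used instead.
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? $crafted;

echo renderAgentUnsafe($userAgent), PHP_EOL;
echo renderAgentSafe($userAgent), PHP_EOL;

// Self-check: the encoded output must never contain an unencoded tag.
if (strpos(renderAgentSafe($crafted), '<script') !== false) {
    throw new RuntimeException('encoding failed');
}
```

Run it with php example.php to see both renderings, or serve it and request it with curl -A '<script>alert(1)</script>' http://host/example.php to reproduce the reflected header; the same crafted User-Agent sent to view/about.php on an unpatched 12.4 install is the injection the description above refers to. The fix is output encoding at the point of use rather than input filtering: the header is untrusted bytes and the only property that matters is that it cannot break out of the HTML text context it is written into.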

Tags: Exploit, Fix, XSS

Weakness Enumeration

Related Identifiers: CVE-2024-34899, GHSA-F98P-2HC5-FM7V, GHSA-QVWG-C35P-RQHJ

Affected Products: Avideo