PT-2025-30676 · Wwbn+1 · Avideo+1
Claudio Bozzato · Published 2025-07-24 · Updated 2025-07-29 · CVE-2025-36548
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WWBN AVideo version 14.4
WWBN AVideo dev master commit 8a8954ff
Description
A cross-site scripting (XSS) issue exists in the LoginWordPress loginForm cancelUri parameter functionality. A crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can trigger this issue by getting a user to visit a webpage.
Recommendations
For WWBN AVideo version 14.4, sanitize or encode the cancelUri parameter to prevent the injection of malicious scripts.
For WWBN AVideo dev master commit 8a8954ff, sanitize or encode the cancelUri parameter to prevent the injection of malicious scripts.
Exploit
Fix
XSS
Affected Products
Avideo
Loginwordpress