CVE-2025-53084

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 14.4 and dev master commit 8a8954ff

Description A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality. A specially crafted HTTP request can lead to arbitrary Javascript execution, potentially allowing an attacker to execute malicious code when a user visits a webpage.

Recommendations WWBN AVideo version 14.4: Address the vulnerability in the videosList page parameter functionality to prevent arbitrary Javascript execution. WWBN AVideo dev master commit 8a8954ff: Address the vulnerability in the videosList page parameter functionality to prevent arbitrary Javascript execution.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-53084

Affected Products

Avideo

CVE-2025-53084

Weakness Enumeration

Related Identifiers

Affected Products

References · 7