CVE-2025-62613

CVSS v4.0

6.9

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions VDO.Ninja versions 28.0 through 28.3

Description VDO.Ninja is a tool used to integrate remote video feeds into studio software via WebRTC. A reflected Cross-Site Scripting (XSS) issue exists in the examples/control.html file through the

room

parameter. The application does not properly sanitize input before rendering it in the Document Object Model (DOM), which allows for the injection and execution of malicious scripts.

Recommendations Update to version 28.4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62613

GHSA-MP9C-CPCH-X73C

Affected Products

Vdo.Ninja

CVE-2025-62613

Weakness Enumeration

Related Identifiers

Affected Products

References · 8