PT-2026-51177 · Wwbn · Avideo
Adrgs
·
Published
2026-06-20
·
Updated
2026-06-20
·
CVE-2026-56347
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AVideo TopMenu plugin versions prior to 26.1
Description
A stored cross-site scripting issue exists in menu item rendering caused by missing output encoding of icon classes, URLs, and text labels. This allows attackers to inject malicious JavaScript through unescaped menu item fields, which then executes for all site visitors. This can lead to the theft of session cookies or the performance of unauthorized actions.
Recommendations
Update the AVideo TopMenu plugin to a version later than 26.0.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avideo