wwbn

197 tracked vulnerabilities.

CVE-2023-49863 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_webpimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-49862 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_gifimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-49810 HIGH
WWBN AVideo - Login Attempt Restriction Bypass via Captcha Bypass
Jan 10, 2024
CVSS 7.3
EPSS 0.00
CVE-2023-49738 HIGH
WWBN AVideo - Arbitrary File Read via image404Raw.php
Jan 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-49715 MEDIUM
WWBN AVideo - Unrestricted PHP File Upload via import.json.php Temporary Copy
Jan 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-49599 CRITICAL
WWBN AVideo - Insufficient Entropy in Salt Generation
Jan 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-49589 HIGH
WWBN AVideo - Weak Password Recovery Mechanism in userRecoverPass.php
Jan 10, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-48730 HIGH
WWBN AVideo - Stored Cross-Site Scripting in Navbar Menu User Name
Jan 10, 2024
CVSS 8.5
EPSS 0.00
CVE-2023-48728 CRITICAL NUCLEI
WWBN AVideo 11.6 and dev master commit 3c6bb3ff - Cross-Site Scripting via getOpenGraph videoName Function
Jan 10, 2024
CVSS 9.6
EPSS 0.17
CVE-2023-47862 CRITICAL
WWBN AVideo - Local File Inclusion and Remote Code Execution via getLanguageFromBrowser
Jan 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-47861 CRITICAL
WWBN AVideo 11.6 and dev master commit 15fed957fb - Cross-Site Scripting in channelBody.php User Name
Jan 10, 2024
CVSS 9.0
EPSS 0.00
CVE-2023-47171 MEDIUM
WWBN AVideo 11.6 and dev master commit 15fed957fb - Arbitrary File Read via aVideoEncoder.json.php chunkFile Path
Jan 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-32073 HIGH
WWBN AVideo < 12.4 - Remote Code Execution via CloneSite Plugin
May 12, 2023
CVSS 8.8
EPSS 0.21
CVE-2023-30860 HIGH
WWBN AVideo < 12.4 - Stored Cross-Site Scripting via Meeting Room Creation
May 08, 2023
CVSS 8.0
EPSS 0.04
CVE-2023-30854 HIGH
AVideo < 12.4 - Authenticated Remote Code Execution via CloneSite Plugin Endpoint
Apr 28, 2023
CVSS 8.8
EPSS 0.37
CVE-2023-25314 MEDIUM
AVideo < 12.4 - Cross-Site Scripting via User Success Parameter
Apr 25, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-25313 CRITICAL
AVideo < 12.4 - OS Command Injection via Video Link Embed Feature
Apr 25, 2023
CVSS 9.8
EPSS 0.09
CVE-2022-34652 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - SQL Injection via Live Schedules Description Parameter
Aug 22, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-33149 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-33148 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-33147 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-32778 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Cookie HttpOnly Flag Missing
Aug 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32777 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Session Cookie
Aug 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32772 MEDIUM NUCLEI
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting via Footer Alerts msg Parameter
Aug 22, 2022
CVSS 6.1
EPSS 0.08
CVE-2022-32771 MEDIUM NUCLEI
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting via Footer Alerts Success Parameter
Aug 22, 2022
CVSS 6.1
EPSS 0.10
Products
avideo 195 AVideo 124 avideo-encoder 3 AVideo-Encoder 2
Quick Filters
Critical CVEs With Exploits In CISA KEV