wwbn

207 tracked vulnerabilities.

CVE-2023-25314 MEDIUM
AVideo < 12.4 - Cross-Site Scripting via User Success Parameter
Apr 25, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-25313 CRITICAL
AVideo < 12.4 - OS Command Injection via Video Link Embed Feature
Apr 25, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-34652 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - SQL Injection via Live Schedules Description Parameter
Aug 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-33149 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-33148 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-33147 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
Aug 22, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-32778 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Cookie HttpOnly Flag Missing
Aug 22, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32777 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Session Cookie
Aug 22, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32772 MEDIUM NUCLEI
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting via Footer Alerts msg Parameter
Aug 22, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-32771 MEDIUM NUCLEI
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting via Footer Alerts Success Parameter
Aug 22, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-32770 MEDIUM NUCLEI
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting via Footer Alerts Toast Parameter
Aug 22, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-32769 MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authenticated Authentication Bypass via Playlists Plugin ID Handling
Aug 22, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-32768 MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authentication Bypass via Live Schedules Plugin ID Guessing
Aug 22, 2022
CVSS 4.2
EPSS 0.01
CVE-2022-32761 MEDIUM
WWBN AVideo 11.6 and dev master - Arbitrary File Read via aVideoEncoderReceiveImage
Aug 22, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-32572 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - OS Command Injection via aVideoEncoder wget Functionality
Aug 22, 2022
CVSS 8.8
EPSS 0.23
CVE-2022-32282 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Improper Authentication via Password Hash
Aug 22, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-30690 MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting in Image403 Functionality
Aug 22, 2022
CVSS 6.1
EPSS 0.84
CVE-2022-30605 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Session Fixation via Crafted HTTP Request
Aug 22, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-30547 CRITICAL
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Path Traversal and Arbitrary Command Execution via unzipDirectory
Aug 22, 2022
CVSS 9.9
EPSS 0.64
CVE-2022-30534 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - OS Command Injection via aVideoEncoder Chunkfile Functionality
Aug 22, 2022
CVSS 8.8
EPSS 0.74
CVE-2022-29468 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Request Forgery
Aug 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28712 CRITICAL
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Scripting in videoAddNew Functionality
Aug 22, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-28710 MEDIUM
WWBN AVideo <11.6 - Info Disclosure
Aug 22, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-26842 CRITICAL
WWBN AVideo 11.6 and dev master - Reflected Cross-Site Scripting in Charts Tab Selection
Aug 22, 2022
CVSS 9.6
EPSS 0.03
CVE-2022-27463 MEDIUM
WWBN AVideo < 11.6 - Open Redirect via Login Endpoint
Apr 05, 2022
CVSS 6.1
EPSS 0.01