Description
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
Exploits (1)
exploitdb
WORKING POC
by RedTeam Pentesting · textwebappsphp
https://www.exploit-db.com/exploits/18822
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81637
Exploit, Patch x_refsource_confirm
https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8
Scores
EPSS
0.0066
EPSS Percentile
71.4%
Details
CWE
CWE-79
Status
published
Products (12)
milesj/decoda
2.2
milesj/decoda
2.3
milesj/decoda
2.4
milesj/decoda
2.5
milesj/decoda
2.6
milesj/decoda
2.7
milesj/decoda
2.8
milesj/decoda
2.9
milesj/decoda
3.0
milesj/decoda
3.1
... and 2 more
Published
Jul 03, 2012
Tracked Since
Feb 18, 2026