CVE-2023-48728

CRITICAL EXPLOITED NUCLEI

WWBN AVideo <11.6 - XSS

Title source: llm

Description

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

Nuclei Templates (1)

WWBN AVideo 11.6 - Cross-Site Scripting

MEDIUMVERIFIEDby ritikchaddha

Shodan: html:"AVideo"

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1883

Scores

CVSS v3 9.6

EPSS 0.1735

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-07

CWE

CWE-79

Status published

Products (2)

wwbn/avideo 3c6bb3ff

wwbn/avideo 11.6

Published Jan 10, 2024

Tracked Since Feb 18, 2026