Vulnerability Details CVE-2025-41420
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.6%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2025-41420
-
cpe:2.3:a:wwbn:avideo:14.4