WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.001
Published
2024-05-14
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
CVSS Score
9.8
EPSS Score
0.815
Published
2024-04-10
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
CVSS Score
8.8
EPSS Score
0.034
Published
2023-05-12