CVE-2022-32770
CVE-2022-32770
In short
A vulnerability in AVideo 11.6 allows attackers to inject malicious JavaScript code through the footer alerts feature. If a user clicks a specially crafted link, the attacker's code runs in their browser and can steal data or perform actions on their behalf.
Technical detail
Cross-site scripting (XSS) vulnerability in the toast parameter of WWBN AVideo 11.6 and dev master (commit 3f7c0364) footer alerts functionality. The parameter is inserted into the DOM with insufficient sanitization, allowing authenticated users to be tricked into sending crafted HTTP requests that execute arbitrary JavaScript in the victim's browser context.
Summary generated and translated by AI from the official description.
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "toast" parameter which is inserted into the document with insufficient sanitization.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
WWBN · AVideoWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →