CVE-2025-46410

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-46410
Type cve
Published 2025-07-24T15:11:06.165Z
Modified 2025-07-24T15:29:21.895Z

Product Information

Vendor WWBN
Product AVideo
Version 14.4

CVSS Information

Base Score 9.6 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Analysis

AI Description A critical cross-site scripting (XSS) vulnerability in WWBN AVideo’s managerPlaylists functionality allows arbitrary JavaScript execution via a crafted HTTP request. An attacker can exploit this by tricking a user into visiting a malicious webpage.
AI Severity Critical
AI Vendor WWBN
AI Product AVideo
AI Version 14.4, dev master commit 8a8954ff

Affected Products

  • WWBN AVideo 14.4
  • WWBN AVideo dev master commit 8a8954ff

Additional Information

CWE List CWE-79
Source talos

Description

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.