CVE Details
Basic Information
| Title | CVE-2025-53084 |
|---|---|
| Type | cve |
| Published | 2025-07-24T15:11:04.747Z |
| Modified | 2025-07-24T15:28:31.965Z |
Product Information
| Vendor | WWBN |
|---|---|
| Product | AVideo |
| Version | 14.4 |
CVSS Information
| Base Score | 9.0 (CRITICAL) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
AI Analysis
| AI Description | A critical cross-site scripting (XSS) vulnerability exists in the videosList page of WWBN AVideo versions 14.4 and dev master commit 8a8954ff. This allows arbitrary JavaScript execution via crafted HTTP requests, potentially exploitable by tricking users into visiting a malicious webpage. |
|---|---|
| AI Severity | Critical |
| AI Vendor | WWBN |
| AI Product | AVideo |
| AI Version | 14.4, dev master commit 8a8954ff |
Affected Products
- WWBN AVideo 14.4
- WWBN AVideo dev master commit 8a8954ff
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | talos |
Description
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.