CVE-2025-50128

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-50128
Type cve
Published 2025-07-24T15:11:03.304Z
Modified 2025-07-24T15:27:57.056Z

Product Information

Vendor WWBN
Product AVideo
Version 14.4

CVSS Information

Base Score 9.6 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Analysis

AI Description A cross-site scripting (XSS) vulnerability in the videoNotFound 404ErrorMsg parameter allows arbitrary JavaScript execution, potentially leading to session hijacking or malicious activity when a user visits a crafted webpage.
AI Severity Critical
AI Vendor WWBN
AI Product AVideo
AI Version 14.4, 8a8954ff

Affected Products

  • WWBN AVideo 14.4
  • WWBN AVideo dev master commit 8a8954ff

Additional Information

CWE List CWE-79
Source talos

Description

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.