CVE-2025-36548

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-36548
Type cve
Published 2025-07-24T15:11:01.847Z
Modified 2025-07-24T15:11:01.847Z

Product Information

Vendor WWBN
Product AVideo
Version 14.4

CVSS Information

Base Score 8.3 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

  • WWBN AVideo 14.4
  • WWBN AVideo dev master commit 8a8954ff

Additional Information

CWE List CWE-79
Source talos

Description

A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.