CVE-2023-48730

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

21 Nov 2024, 08:32

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 - Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 - Third Party Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 8.5

17 Jan 2024, 15:17

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 - Third Party Advisory
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name de navbarMenuAndLogo.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecución arbitraria de Javascript. Un atacante puede hacer que un usuario visite una página web para activar esta vulnerabilidad.
CVSS v2 : unknown
v3 : 8.5
v2 : unknown
v3 : 5.4
First Time Wwbn avideo
Wwbn

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1882', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-11-21 08:32


NVD link : CVE-2023-48730

Mitre link : CVE-2023-48730

CVE.ORG link : CVE-2023-48730


JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')