Medium severity5.4NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2026-47694
CVE-2026-47694
Description
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page. This is a stored XSS in the category description field, separate from previously fixed XSS issues in video titles or comments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
WWBN/AVideoPackagist | <= 29.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/WWBN/AVideo/security/advisories/GHSA-c8h8-vq34-9fw2nvdExploitMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-c8h8-vq34-9fw2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-47694ghsaADVISORY
- github.com/WWBN/AVideo/commit/6a6ff1f5bff1904f91f612db9f0da083295392b1ghsaWEB
News mentions
1- WWBN AVideo: Nine Bugs Disclosed Together — From Wallet Fraud to RCEVypr Intelligence · May 29, 2026