Avideo

by WWBN

CVEs (208)

  • CVE-2022-30605 (Aug 22, 2022)
    risk 0.00 | cvss | epss 0.04

    A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger…

  • CVE-2022-29468 (Aug 22, 2022)
    risk 0.00 | cvss | epss 0.01

    A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

  • CVE-2022-28712 (Aug 22, 2022)
    risk 0.00 | cvss | epss 0.02

    A cross-site scripting (XSS) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP…

  • CVE-2022-28710 (Aug 22, 2022)
    risk 0.00 | cvss | epss 0.02

    An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-27463 (Apr 5, 2022)
    risk 0.00 | cvss | epss 0.01

    Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page.

  • CVE-2022-27462 (Apr 5, 2022)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.

  • CVE-2021-21286 (Feb 1, 2021)
    risk 0.00 | cvss | epss 0.01

    AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All…

  • CVE-2020-23490 (Nov 16, 2020)
    risk 0.00 | cvss | epss 0.03

    There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file.
