Vendor
AVideo
Products
2
CVEs
2
Across products
2
Status
Private
Products
2- 1 CVE
- 1 CVE
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49279 | hig | 0.38 | — | — | Jun 4, 2026 | # AVideo: Stored XSS via `autoEvalCodeOnHTML` in MessageSQLite WebSocket Handler ## Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The `MessageSQLite.php` handler only strips `autoEvalCodeOnHTML` from `$json['msg']`, but `msgToResourceId()`… | ||
| CVE-2026-50183 | 0.00 | — | — | Jun 4, 2026 | # Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section ## Summary A stored Cross-Site Scripting vulnerability (CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere) in the AVideo YouTubeAPI plugin renders the… |
- risk 0.38cvss —epss —
# AVideo: Stored XSS via `autoEvalCodeOnHTML` in MessageSQLite WebSocket Handler ## Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The `MessageSQLite.php` handler only strips `autoEvalCodeOnHTML` from `$json['msg']`, but `msgToResourceId()`…
- CVE-2026-50183Jun 4, 2026risk 0.00cvss —epss —
# Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section ## Summary A stored Cross-Site Scripting vulnerability (CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere) in the AVideo YouTubeAPI plugin renders the…