XSS in Wwbn Avideo
CVE-2026-33035
WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter f…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.
Affected products
- Wwbn Avideo — versions < 26.0
Weakness classification (CWE)
References
- https://github.com/WWBN/AVideo/security/advisories/GHSA-wfq5-qgqp-hvhv (x_refsource_CONFIRM)
- https://github.com/WWBN/AVideo/commit/cca6196f4072cb9acc39b1030fb8fb1702b4f69b (x_refsource_MISC)