XSS in Wwbn Avideo
CVE-2026-33295
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title` field of a video record is interpolated…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (2.5th percentile) — read the EPSS interpretation.
Affected products
- Wwbn Avideo — versions < 26.0
Weakness classification (CWE)
References
- https://github.com/WWBN/AVideo/security/advisories/GHSA-gc3m-4mcr-h3pv (x_refsource_CONFIRM)
- https://github.com/WWBN/AVideo/commit/30cdd825fa5778c1d678c2402be2413b84ee4833 (x_refsource_MISC)