XSS in Wwbn Avideo
CVE-2026-49279
WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQLite.php handler only strips autoEvalCod…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Wwbn Avideo — versions <= 29.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)