XSS in Wwbn Avideo

CVE-2026-49279

WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQLite.php handler only strips autoEvalCod…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References