CVE-2026-33683 in WWBN AVideoinfo

Zusammenfassung (Englisch)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The `xss_esc()` function entity-encodes input before `strip_specific_tags()` can match dangerous HTML tags, and `html_entity_decode()` on output reverses the encoding, restoring the raw malicious HTML. Commit 7cfdc380dae1e56bbb5de581470d9e9957445df0 contains a patch.

Zuständig

GitHub_M

Reservieren

23.03.2026

Veröffentlichung

23.03.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
352575	WWBN AVideo Registered User xss_esc Cross Site Scripting	79	Nicht definiert	Offizieller Fix	CVE-2026-33683

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!