A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter

链接： https://github.com/advisories/GHSA-q8hh-q8j4-4vqq

CVSS 评分： 9.7

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-41420
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2209
https://github.com/advisories/GHSA-q8hh-q8j4-4vqq

描述：

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

安全公告

#Github Advisory

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter

http://example.com/2025/07/24/github_1929129128/

作者

lianccc

发布于

2025年7月24日

许可协议

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId 上一篇

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter 下一篇