A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId

链接： https://github.com/advisories/GHSA-7qv6-qqv7-4w43

CVSS 评分： 9.7

参考链接：

• https://nvd.nist.gov/vuln/detail/CVE-2025-46410

• https://talosintelligence.com/vulnerability_reports/TALOS-2025-2205

• https://github.com/advisories/GHSA-7qv6-qqv7-4w43

描述：

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.