A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter

链接： https://github.com/advisories/GHSA-rh7r-mcgw-hv69

CVSS 评分： 9.7

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-50128
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2207
https://github.com/advisories/GHSA-rh7r-mcgw-hv69

描述：

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

安全公告

#Github Advisory

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter

http://example.com/2025/07/24/github_3365487299/

作者

lianccc

发布于

2025年7月24日

许可协议

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter 上一篇

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality 下一篇