A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality

链接： https://github.com/advisories/GHSA-8fxc-vw38-fhp2

CVSS 评分： 9.1

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-53084
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2206
https://github.com/advisories/GHSA-8fxc-vw38-fhp2

描述：

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

安全公告

#Github Advisory

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality

http://example.com/2025/07/24/github_783566612/

作者

lianccc

发布于

2025年7月24日

许可协议

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter 上一篇

pymatgen Remote Code Execution Vulnerability 下一篇