CVE-2022-32771 CRITICAL

CVE-2022-32771

Vendor Wwbn

Product AVideo

Weakness CWE-79 · XSS

Published August 22, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "success" parameter which is inserted into the document with insufficient sanitization.

Key dates

02Disclosure timeline

August 22, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32771 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-32771

CWE CWE-79

CVSS 9.6 / CRITICAL

Affected versions

Vendor Wwbn

Product AVideo

Affected 11.6

Vendor Wwbn

Product AVideo

Affected dev master commit 3f7c0364

CVE-2022-32771

01Description

02Disclosure timeline

03References

04Related CVE