CVE-2023-48728

high-risk
Published 2024-01-10

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

Do I need to act?

!
17.4% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Wwbn

References (3)

Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883
Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1883
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 13/34 · Low
Exposure 7/34 · Low