CVE-2022-32770 Scanner
Detects 'Cross-Site Scripting (XSS)' vulnerability in WWBN AVideo affects v. 11.6 and dev master commit 3f7c0364.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Url
Toolbox
-
WWBN AVideo is a video hosting and streaming platform that is widely used by businesses and individuals to share video content on the internet. The platform provides a variety of features that allow users to easily upload, edit, and publish their video content. With its user-friendly interface and flexible pricing plans, WWBN AVideo has become a popular choice among content creators who want to reach a wider audience.
Recently, a critical vulnerability was discovered in WWBN AVideo, identified as CVE-2022-32770. This cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of both WWBN AVideo 11.6 and dev master commit 3f7c0364. This vulnerability is caused by the "toast" parameter, which is inserted into the document without proper sanitization. This allows an attacker to execute arbitrary JavaScript code on the victim's browser by sending a specially-crafted HTTP request.
When exploited, this vulnerability can potentially allow an attacker to steal sensitive information such as login credentials, credit card details, and personal information from the victim's browser. Furthermore, an attacker can use this vulnerability to hijack the victim's session, allowing them to gain unauthorized access to the victim's account.
At s4e.io, we prioritize the security of our clients' digital assets by providing advanced features that allow users to quickly identify and mitigate vulnerabilities. By using our platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets, enabling them to take the necessary precautions to protect against potential attacks. Don't leave your digital assets vulnerable – sign up with s4e.io today.
REFERENCES