OpenCVE

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wwbn	Avideo

Configuration 1 [-]

OR	cpe:2.3:a:wwbn:avideo:3c6bb3ff:::::::*
	cpe:2.3:a:wwbn:avideo:11.6:::::::*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-01-10T15:48:10.985Z

Updated: 2024-08-02T21:37:54.692Z

Reserved: 2023-11-30T22:17:19.227Z

Link: CVE-2023-48728

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-10T16:15:47.627

Modified: 2024-11-21T08:32:20.380

Link: CVE-2023-48728

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wwbn:avideo:3c6bb3ff:*:*:*:*:*:*:*", "matchCriteriaId": "401D3AD3-62F7-4B6E-8DDD-BF3FC6CD5DC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad functiongetOpenGraph videoName de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 3c6bb3ff. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad."}], "id": "CVE-2023-48728", "lastModified": "2024-11-21T08:32:20.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-10T16:15:47.627", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}