CVE-2025-34439

Medium CVSS: 4.8

AVideo versions prior to 20.1 are vulnerable to an open redirect flaw due to missing validation of the cancelUri parameter during user login. An attacker can craft a link to redirect users to arbitrary external sites, enabling phishing attacks.

Vendor

Wwbn

Product

Avideo

CWE

CWE-601

Yayın Tarihi

2025-12-17 20:15:54

Güncelleme

2025-12-19 19:15:51

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-601 Avideo MEDIUM Wwbn 2025

Referanslar

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/4a53ab2056 https://github.com/WWBN/AVideo/commit/88bc40427b https://www.vulncheck.com/advisories/avideo-open-redirect-via-canceluri-parameter

Benzer Kayıtlar

Medium

CVE-2026-34733

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteS…

Medium

CVE-2026-34737

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug…

Medium

CVE-2026-34738

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an…

Medium

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page ref…

Medium

CVE-2026-34740

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link featur…

Medium

CVE-2026-34611

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json…