Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseGHSA-2fch-hv74-fgw9
GHSA-2fch-hv74-fgw9:
PHP vulnerability analysis and mitigation
Overview
A Cross-Site Scripting (XSS) vulnerability was discovered in wwbn/avideo versions prior to 12.4, identified as GHSA-2fch-hv74-fgw9. The vulnerability was discovered and disclosed on April 26, 2023, affecting the demo.avideo.com platform. The issue was found in the '?success=' parameter which failed to properly sanitize symbol characters (GitHub Advisory).
Technical details
The vulnerability is classified as a CWE-79 (Cross-site Scripting) issue with a High severity rating. The technical flaw exists in the user parameter handling where the '?success=' parameter lacks proper input sanitization, allowing arbitrary symbol characters to be processed (GitHub Advisory).
Impact
The vulnerability could potentially lead to admin account takeover on demo.avideo.com, as the XSS attack could be leveraged against administrative users of the platform (GitHub Advisory).
Mitigation and workarounds
The vulnerability has been patched in version 12.4 of wwbn/avideo. Users are advised to upgrade to this version or later to mitigate the security risk (GitHub Advisory).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management