CVE-2022-32770
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2022-32770. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.0EPSS Score
v2025.03.14There is a 44.6% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "toast" parameter which is inserted into the document with insufficient sanitization.
Available Exploits
WWBN AVideo 11.6 - Cross-Site Scripting
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.
References:
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
- https://nvd.nist.gov/vuln/detail/CVE-2022-32770
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ARPSyndicate/cvemon
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: August 23, 2022, Modified: August 25, 2022