Tag
WWBN AVideo version 29.0 and prior is vulnerable to unauthenticated arbitrary Javascript execution via the YPTSocket plugin, allowing an attacker to execute arbitrary code in the context of connected users, leading to account takeover and data theft.