Description

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

Related CPE's

a

wwbn

avideo

Vulnerable

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

Patch

https://github.com/WWBN/AVideo/commit/77c70019b0

Patch

https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-601

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2025-12-17T20:15:54.557

47 hours ago

Last modified

2025-12-19T16:15:56.320

3 hours ago