CVE-2026-34396 - Vulnerability Analysis
MediumCVSS: 6.1Last Updated: April 1, 2026
WWBN AVideo - Stored XSS
Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable
Overview
WWBN AVideo <= 26.0 contains a stored XSS caused by lack of output encoding in plugin configuration values in admin panel, letting attackers inject JavaScript executed by administrators, exploit requires setting plugin config value.
Severity & Score
Severity: Medium
CVSS Score: 6.1
Impact
Attackers can execute arbitrary JavaScript in admin context, potentially leading to full admin account compromise.
Mitigation
Update to the latest version once patches are available or apply output encoding to plugin configuration values.
Related Resources
Details
- CVE ID
- CVE-2026-34396
- Severity
- Medium
- CVSS Score
- 6.1
- Type
- stored_xss
- Status
- confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N