CVE Alert: CVE-2025-41420

July 25, 2025
image 1

Vulnerability Summary: CVE-2025-41420

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

Affected Endpoints:

No affected endpoints listed.

Published Date:

7/24/2025, 4:15:31 PM

💀 CVSS Score:

CVSS v3 Score: 9.6 (Critical)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

2c81c101e8d91863890e04a1aeb6ac58639b7368763c4b5fe0f95650287a1215

Trump Ai Plan Rips The Brakes Out Of The Car And Gives Big Tech Exactly What Itwanted

July 26, 2025
dcfa9df45d4de2012d4ea81722c27f3b82bc713a27e1da520ab113d45aef002d

The Eff Is 35, But The Battle To Defend Internet Freedom Is Far From Over

July 26, 2025
c80527cf4bf2afba3fe9f63287d0474a0ce9e1918c2232c09bb941369fb082c4

Eu Cloud Gang Challenges Broadcom’s $61b Vmware Buy In Court

July 26, 2025
f69e105fdd057db1e8b665bf24deebc9b694de6ece91fdaa9dc582e39a8aeb24

50 Years Ago, Gates And Allen Made The Deal That Launched Microsoft

July 26, 2025
7d644c1535ca7895105ac5bb4498effbceb2f62d69773e925e6a76e96a291ec0

Compromised Amazon Q Extension Told Ai To Delete Everything – And It Shipped

July 26, 2025