CVE ID :CVE-2026-33295 Published : March 22, 2026, 5:17 p.m. | 2 hours, 1 minute ago Description :WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title` field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to inject arbitrary JavaScript that executes in the browser of any user who visits the affected download page. Version 26.0 fixes the issue. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...