CVE-2026-33296— WWBN AVideo 输入验证错误漏洞

AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected directly into a JavaScript `document.location` assignment without JavaScript-safe encoding. After a user completes the login popup flow, a timer callback executes the redirect using the unvalidated value, sending the victim to an attacker-controlled site. Version 26.0 fixes the issue.

N/A

指向未可信站点的URL重定向(开放重定向)

WWBN AVideo 输入验证错误漏洞

WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 26.0之前版本存在输入验证错误漏洞，该漏洞源于登录流程中redirectUri参数未经JavaScript安全编码直接用于document.location赋值，可能导致开放重定向攻击。

N/A

N/A