php · WWBN/AVideoHeads-up
AVideo YouTubeAPI Plugin Reflected XSS via search Parameter
Reflected XSS vulnerability in YouTubeAPI plugin: unsanitized $_GET['search'] concatenated into href attributes in plugin/YouTubeAPI/gallerySection.
What changed
Reflected XSS vulnerability in YouTubeAPI plugin: unsanitized $_GET['search'] concatenated into href attributes in plugin/YouTubeAPI/gallerySection.php lines 67 and 74. Layout plugin executes injected script tags.
Who it affects
All AVideo instances with YouTubeAPI plugin enabled (showGallerySection=true, default) and at least one video with a title containing a token from the search payload.
What to do today
Apply input sanitization (htmlspecialchars or urlencode) to $_GET['search'] in plugin/YouTubeAPI/gallerySection.php lines 67 and 74, or disable the YouTubeAPI plugin until a patch is released.
The trail
Collected→
Audited→
Written→
Published