VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. [已公开] id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0x_Akoko severity: medium description: | VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. impact: | Attackers can execute arbitrary scripts in users' browsers, potentially stealing data or performing actions on their behalf. remediation: | Update to version 28.4 or later. reference: - https://github.com/steveseguin/vdo.ninja/security/advisories/GHSA-mp9c-cpch-x73c - https://github.com/steveseguin/vdo.ninja/commit/83c0ac753ad60c7a086daced3244688cabd4f6b8 - https://nvd.nist.gov/vuln/detail/CVE-2025-62613 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2025-62613 cwe-id: CWE-79 epss-score: 0.00045 metadata: verified: true max-request: 2 fofa-query: body="vdo.ninja" tags: cve,cve2025,xss,vdo-ninja flo

未知