[HIGH] WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)

PKSA-k9kk-fbnx-923m CVE-2026-49279 GHSA-2fhx-q92v-5fhv

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub