[CRITICAL] WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin

PKSA-rftd-5wbt-6qx1 GHSA-8whc-2wmv-ww35

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub