PatchSiren

CVE-2026-56347 WWBN CVE debrief

CVE-2026-56347 is a stored cross-site scripting vulnerability in the AVideo TopMenu plugin through version 26.0. It arises from missing output encoding of icon classes, URLs, and text labels when menu items are rendered. Attackers can inject malicious JavaScript through the unescaped menu item fields; the script executes for all site visitors, potentially stealing session cookies or performing unauthorized actions. The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. Defenders should assess their exposure and prioritize patching or mitigating it.

Vendor: WWBN
Product: AVideo
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-20
Original CVE updated: 2026-06-22
Advisory published: 2026-06-20
Advisory updated: 2026-06-22

Who should care

Defenders responsible for AVideo installations, particularly those using the TopMenu plugin version 26.0 or earlier, should prioritize patching or mitigating this vulnerability. Web application security teams and administrators managing AVideo deployments should assess their exposure and take the necessary actions to prevent potential attacks.

Technical summary

The AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting (XSS) vulnerability caused by inadequate output encoding of icon classes, URLs, and text labels in menu item rendering. Attackers can inject malicious JavaScript through the unescaped menu item fields, and because the payload is stored, it executes for all site visitors. The vulnerability has a CVSS score of 5.3 and a MEDIUM severity level. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

Medium priority due to potential for unauthorized actions and session cookie theft.

Recommended defensive actions

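  • Inventory AVideo installations and TopMenu plugin versions to identify potentially vulnerable instances.
  • Review and apply official patches or updates for the TopMenu plugin. Version 26.0 itself is within the affected range, so confirm that the installed release is newer than 26.0 and includes the fix.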
  • Implement compensating controls, such as web application firewalls (WAFs) or intrusion detection systems (IDS), to detect and prevent XSS attacks.
  • Monitor AVideo installations for suspicious activity or signs of exploitation.
  • Perform regular security audits and vulnerability assessments to identify potential weaknesses.
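
The inventory and monitoring steps above can include a check of the stored menu items themselves. The following is an added example, not code from AVideo or from the advisory: a Python audit that flags rows whose icon class, URL or text label would break out of its HTML context if rendered without encoding. The field names (`id`, `icon`, `url`, `text`) and the sample rows are assumptions constructed for illustration; map them to the columns of your own export.

```python
import re

# Field names ("icon", "url", "text") are hypothetical; map them to your own export.
CLASS_TOKENS = re.compile(r"[A-Za-z0-9_\- ]*")        # what a class="..." value should contain
SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")   # leading URL scheme, if any
ALLOWED_SCHEMES = {"http", "https"}
ATTR_BREAKOUT = re.compile(r"[<>\"']")                # can end a quoted attribute or open a tag
TAG_CHARS = re.compile(r"[<>]")                       # can open a tag in element content
# Browsers drop tabs/newlines and leading control characters when parsing a URL,
# so they are removed before the scheme is read (stripping all of them is conservative).
IGNORED_BY_BROWSERS = re.compile(r"[\x00-\x20]")


def findings_for(item):
    """Return reasons why one stored menu item is unsafe to render without encoding."""
    reasons = []
    if not CLASS_TOKENS.fullmatch(item.get("icon", "")):
        reasons.append("icon: not a plain list of CSS class names")
    url = item.get("url", "")
    scheme = SCHEME.match(IGNORED_BY_BROWSERS.sub("", url))
    if scheme and scheme.group(1).lower() not in ALLOWED_SCHEMES:
        reasons.append("url: scheme '%s' is not http(s)" % scheme.group(1).lower())
    if ATTR_BREAKOUT.search(url):
        reasons.append("url: quote or angle bracket in attribute value")
    if TAG_CHARS.search(item.get("text", "")):
        reasons.append("text: angle bracket in label")
    return reasons


def audit(items):
    """Map item id -> reasons, for items with at least one finding."""
    flagged = {}
    for item in items:
        reasons = findings_for(item)
        if reasons:
            flagged[item["id"]] = reasons
    return flagged


# Constructed sample rows (not taken from any real installation).
SAMPLE = [
    {"id": 1, "icon": "fa fa-home", "url": "/", "text": "Home"},
    {"id": 2, "icon": "fa fa-star", "url": "https://example.test/top?sort=new", "text": "Q&A"},
    {"id": 3, "icon": 'fa fa-x" onmouseover="alert(1)', "url": "/a", "text": "A"},
    {"id": 4, "icon": "fa fa-link", "url": "java\tscript:alert(1)", "text": "B"},
    {"id": 5, "icon": "fa fa-tag", "url": "/c", "text": "<script>alert(1)</script>"},
]

if __name__ == "__main__":
    for item_id, reasons in audit(SAMPLE).items():
        print(item_id, "; ".join(reasons))
```

A flagged row is a candidate for review rather than proof of exploitation, and the check is deliberately stricter than a renderer needs to be. It complements the vendor fix, which has to encode these fields at output time.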

Evidence notes

The primary evidence for this vulnerability comes from the CVE-2026-56347 record and the NVD detail page. The vulnerability affects the AVideo TopMenu plugin through version 26.0. Defenders should verify the version of the TopMenu plugin in use and check for any available patches or updates. The CVE record and NVD page provide additional information on the vulnerability, including its CVSS score and severity level.

This article is AI-assisted and based on the supplied source corpus.