CVE Catalog

CVE-2026-50745

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.

Risk Assessment

The risk involves potential injection of malicious code (e.g., XSS) through reflected unsanitised user input, which could lead to session theft, redirects, or other attacks on end users.

Recommendation

Immediately update the stats-video.php script to properly encode and sanitise all user input and follow secure URL construction practices according to best practices.

Original NVD description (English source)

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS