A vulnerability identified as problematic has been detected in WWBN AVideo up to 29.0. Affected by this vulnerability is the function
msgToResourceId of the file MessageSQLite.php of the component MessageSQLite WebSocket Handler. This manipulation of the argument json causes cross site scripting.
This vulnerability appears as CVE-2026-49279. The attack may be initiated remotely. There is no available exploit.