[MEDIUM] AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers

PKSA-71gv-fx3g-ynk8 CVE-2026-43876 GHSA-g9cm-rxp7-6gv5

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub