[MEDIUM] AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php

PKSA-g9zg-y2pv-yf4q CVE-2026-33499 GHSA-7292-w8qp-mhq2

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub