[MEDIUM] Video: Reflected XSS in plugin/Meet/iframe.php via Unescaped user and pass Parameters in JavaScript String Literal

PKSA-x5f2-6rvc-vhkd CVE-2026-43878 GHSA-mm5f-8q57-4fc4

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub