CVE-2026-50745
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
Risk Assessment
The risk involves potential injection of malicious code (e.g., XSS) through reflected unsanitised user input, which could lead to session theft, redirects, or other attacks on end users.
Recommendation
Immediately update the stats-video.php script to properly encode and sanitise all user input and follow secure URL construction practices according to best practices.
Original NVD description (English source)
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.

