A vulnerability identified as problematic has been detected in WWBN AVideo up to 29.0 . Affected is the function sendSiteEmail of the file objects/notifySubscribers.json.php of the component Raw Message Handler . Performing a manipulation of the argument Message results in cross site scripting. This vulnerability is cataloged as CVE-2026-43876 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.