Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.
https://github.com/WWBN/AVideo/commit/3722335f808484e6bfb5e71028fedddd942add4a