[MEDIUM] AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification

PKSA-nph7-q1m2-1jj5 CVE-2026-34716 GHSA-w4hp-w536-jg64

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub