CVE-2014-4570

2014-07-0218:55:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-4570

cross-site scripting

xss

videowhisper video presentation

wordpress

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.

Affected configurations

NVD

Node

videowhispervideo_presentationRange≤3.25---wordpress

CPENameOperatorVersion
videowhisper:video_presentationvideowhisper video presentationle3.25

CPE	Name	Operator	Version
videowhisper:video_presentation	videowhisper video presentation	le	3.25

References

codevigilant.com/disclosure/wp-plugin-videowhisper-video-presentation-a3-cross-site-scripting-xss

www.securityfocus.com/bid/69511

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839980%40videowhisper-video-presentation&old=600781%40videowhisper-video-presentation&sfp_email=&sfph_mail=#file4