CVE-2014-1906

2014-03-0615:55:28

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

55.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.

Affected configurations

Nvd

Node

videowhisperlive_streaming_integration_pluginRange≤4.27.4

videowhisperlive_streaming_integration_pluginMatch1.0.2

videowhisperlive_streaming_integration_pluginMatch2.0

videowhisperlive_streaming_integration_pluginMatch2.1

videowhisperlive_streaming_integration_pluginMatch2.2

videowhisperlive_streaming_integration_pluginMatch4.05

videowhisperlive_streaming_integration_pluginMatch4.07

videowhisperlive_streaming_integration_pluginMatch4.25

videowhisperlive_streaming_integration_pluginMatch4.25.3

videowhisperlive_streaming_integration_pluginMatch4.27

videowhisperlive_streaming_integration_pluginMatch4.27.3

VendorProductVersionCPE
videowhisperlive_streaming_integration_plugin*cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin1.0.2cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin2.0cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin2.1cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin2.2cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin4.05cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.05:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin4.07cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.07:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin4.25cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin4.25.3cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25.3:*:*:*:*:*:*:*
videowhisperlive_streaming_integration_plugin4.27cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
videowhisper	live_streaming_integration_plugin	*	cpe:2.3:a:videowhisper:live_streaming_integration_plugin::::::::
videowhisper	live_streaming_integration_plugin	1.0.2	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:::::::*
videowhisper	live_streaming_integration_plugin	2.0	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:::::::*
videowhisper	live_streaming_integration_plugin	2.1	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:::::::*
videowhisper	live_streaming_integration_plugin	2.2	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:::::::*
videowhisper	live_streaming_integration_plugin	4.05	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.05:::::::*
videowhisper	live_streaming_integration_plugin	4.07	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.07:::::::*
videowhisper	live_streaming_integration_plugin	4.25	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:::::::*
videowhisper	live_streaming_integration_plugin	4.25.3	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25.3:::::::*
videowhisper	live_streaming_integration_plugin	4.27	cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:::::::*