VideoWhisper 7 Cross Site Scripting

25 Apr 2014 00:00:00 | Reported by Mahmoud Ghorbanzadeh | Type: packetstorm | Source: packetstormsecurity.com

VideoWhisper 7 Cross Site Scripting vulnerability in Drupal 7 module

`Vulnerability title: Cross-site scripting (XSS) vulnerability in Videowhisper  
CVE: CVE-2014-2715  
Vendor: VideoWhisper  
Product: Videowhisper module for Drupal 7  
Affected version: 7  
Fixed version:   
Reported by: Mahmoud Ghorbanzadeh  
  
Details:  
  
Hello,  
I found a cross-site scripting (XSS) vulnerability in the Videowhisper module for Drupal 7 (videowhisper-7.x). The vulnerability exists at line 2 and line 4 in drupal\modules\videowhisper\vwrooms\templates\logout.tpl.php due to $_GET['module'] and $_GET['message'] variables respectively at line 347 in drupal\modules\videowhisper\vwrooms\vwrooms.module.  
  
POC: drupal/index.php?q=vwrooms/logout&module=<script>alert('XSS1')</script>&message=<script>alert('XSS2')</script>  
  
Vendor Notification: 18, Apr 2014  
  
Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers.  
  
Best Regards.  
`
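
The pattern the advisory describes (request parameters written into a template without encoding) beside an output-encoded version, as an added example that is not code from the module or from the advisory. Function names, markup and the allowlist are assumptions; `encode_html()` stands in for Drupal 7's `check_plain()` so the file runs without Drupal.

```php
<?php
// Added illustration; not the VideoWhisper module's code. Function names and
// markup are hypothetical; only the two parameter names come from the advisory.

// Stand-in for Drupal 7's check_plain(), so the file runs without Drupal.
function encode_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Pattern the advisory describes: request values written into HTML unencoded.
function render_logout_unsafe(array $query): string {
    $module  = $query['module']  ?? '';
    $message = $query['message'] ?? '';
    return "<h2>$module</h2>\n<p>$message</p>\n";
}

// Hardened form: accept only string values, check "module" against the names
// the site expects, and HTML-encode everything that reaches the page.
function render_logout_safe(array $query, array $known_modules): string {
    $module  = is_string($query['module'] ?? null) ? $query['module'] : '';
    $message = is_string($query['message'] ?? null) ? $query['message'] : '';
    if (!in_array($module, $known_modules, true)) {
        $module = '';  // unknown value: drop it rather than reflect it
    }
    return '<h2>' . encode_html($module) . "</h2>\n"
         . '<p>' . encode_html($message) . "</p>\n";
}

// Constructed input: the query string from the advisory's POC line.
parse_str(
    "q=vwrooms/logout&module=<script>alert('XSS1')</script>"
    . "&message=<script>alert('XSS2')</script>",
    $query
);

$unsafe = render_logout_unsafe($query);
$safe   = render_logout_safe($query, ['vwrooms']);  // hypothetical allowlist

// Regression check: is a literal <script> tag present in each render?
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
echo $safe;
```

In a Drupal 7 template the same encoding is applied by passing each value through `check_plain()` before it is printed.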
