4 matches found
SA-CONTRIB-2014-061 - VideoWhisper Webcam Plugins - Cross Site Scripting (XSS) - Unsupported
Includes multiple modules for video communications including room listing, pay per view access control. The module doesn't sufficiently filter user supplied text from the url reflected cross site scripting. No special permissions are required to exploit this issue. There are no mitigating factors...
[CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper
Vulnerability title: Cross-site scripting XSS vulnerability in Videowhisper CVE: CVE-2014-2715 Vendor: VideoWhisper Product: Videowhisper module for Drupal 7 Affected version: 7 Fixed version: Reported by: Mahmoud Ghorbanzadeh Details: Hello, I found Cross-site scripting XSS vulnerability in the...
CVE-2014-2715
VideoWhisper Webcam Plugins (Drupal 7.x) are affected by CVE-2014-2715 due to cross-site scripting in vwrooms/templates/logout.tpl.php. The vulnerability allows injecting arbitrary script via the module or message parameters in index.php, caused by reflected user input. Impact is XSS; exploit det...
VideoWhisper 7 Cross Site Scripting
Vulnerability title: Cross-site scripting XSS vulnerability in Videowhisper CVE: CVE-2014-2715 Vendor: VideoWhisper Product: Videowhisper module for Drupal 7 Affected version: 7 Fixed version: Reported by: Mahmoud Ghorbanzadeh Details: Hello, I found Cross-site scripting XSS vulnerability in the...