WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to version 21 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup of Markdown links in video comments, which could lead to...

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the video comment rendering process. An attacker can execute arbitrary JavaScript in another user's session by injecting javascript:...

EUVD-2014-4494

Malware in sbrugna...

WordPress Video Comments Webcam Recorder Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Video Comments Webcam Recorder is a video capture plugin used in... A cross-site scripting vulnerability exists in the...

CVE-2014-4567

Cross-site scripting XSS vulnerability in comments/videowhisper2/rlogout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2014-4567

CVE-2014-4567 : XSS in the WordPress Video Comments Webcam Recorder plugin (version ~1.55, affected when downloaded before 20140116) located in comments/videowhisper2/r_logout.php . Root cause: insufficient validation of client-side data in the web app, allowing injection of arbitrary script/HTML...

Jiangsu Fargo Streaming Publishing Platform has xss vulnerability

Streaming Media Distribution Platform is a powerful and specialized streaming media distribution system suitable for long-time uninterrupted work, based on years of experience in streaming media R&D and telecom industry services. Streaming Media Distribution Platform has an xss vulnerability in t...

Wordpress contus-video-comments plugin remote file upload vulnerability

WordPress is a suite of blogging platforms developed using the PHP language by the WordPress Software Foundation. contus-video-comments is one of the video comment plugins. A remote file upload vulnerability exists in version v1.0 of the Wordpress contus-video-comments plugin, which can be...

CVE-2016-1000112

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin...

CVE-2016-1000112

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin...

Design/Logic Flaw

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin...

CVE-2016-1000112

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin...

CVE-2016-1000112

Affected software : WordPress plugin contus-video-comments v1.0. Vulnerability : Unauthenticated remote upload of .jpg files via the contus-video-comments plugin, enabling an attacker to upload arbitrary files. The issue is described consistently across CVE-2016-1000112 entries and CNVD/PATCHSTAC...

WordPress Contus Video Comments 1.0 File Upload

Title: Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2016-06-15 Download Site: https://wordpress.org/plugins/contus-video-comments/ Vendor: https://profiles.wordpress.org/hdflvplayer/ Vendor Notified: 2016-06-16...

Contus Video Comments - Unauthenticated Remote JPG File Upload

The contus-video-comments WordPress plugin was affected by an Unauthenticated Remote JPG File Upload security vulnerability. PoC curl --data @image.jpg "http://www.example.com/wp-content/plugins/contus-video-comments/save.php?id=../image"...

Contus Video Comments - Unauthenticated Remote JPG File Upload

The contus-video-comments WordPress plugin was affected by an Unauthenticated Remote JPG File Upload security vulnerability. curl --data @image.jpg "http://www.example.com/wp-content/plugins/contus-video-comments/save.php?id=../image"...

Online Subtitles Workshop XSS Vulnerability

No description provided by source. =================================================================================== Online Subtitles Workshop XSS vulnerabilities =================================================================================== Exploit Title: Online Subtitles Workshop XSS...

Video Comments Webcam Recorder <= 1.55 - Unauthenticated Reflected XSS

The Video Comments Webcam Recorder WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...

CVE-2011-5185

Cross-site scripting XSS vulnerability in videocomments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter...

Online Subtitles Workshop - Cross-Site Scripting

Online Subtitles Workshop - Cross-Site Scripting =================================================================================== Online Subtitles Workshop XSS vulnerabilities =================================================================================== Exploit Title: Online Subtitles...