6 matches found
CVE-2014-8338
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
CVE-2014-8338
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
SA-CONTRIB-2014-061 - VideoWhisper Webcam Plugins - Cross Site Scripting (XSS) - Unsupported
Includes multiple modules for video communications including room listing, pay per view access control. The module doesn't sufficiently filter user supplied text from the url reflected cross site scripting. No special permissions are required to exploit this issue. There are no mitigating factors...
CVE-2014-2715
Multiple cross-site scripting XSS vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the 1 module or 2 message parameter to index.php...
CVE-2014-2715
Multiple cross-site scripting XSS vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the 1 module or 2 message parameter to index.php...