Lucene search

K
VideowhisperVideowhisper Live Streaming Integration

12 matches found

CVE
CVE
added 2024/04/03 1:15 p.m.53 views

CVE-2023-25699

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.

9.8CVSS9.3AI score0.01436EPSS
CVE
CVE
added 2014/03/06 3:55 p.m.52 views

CVE-2014-1906

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) chann...

4.3CVSS6AI score0.01426EPSS
Web
CVE
CVE
added 2025/02/25 3:15 p.m.52 views

CVE-2025-26752

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.

8.6CVSS6.9AI score0.00084EPSS
CVE
CVE
added 2014/03/06 3:55 p.m.50 views

CVE-2014-1907

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s para...

6.4CVSS6.9AI score0.10406EPSS
Web
CVE
CVE
added 2014/12/29 8:59 p.m.49 views

CVE-2014-1908

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error m...

5CVSS6.1AI score0.06369EPSS
CVE
CVE
added 2025/01/23 12:15 p.m.49 views

CVE-2024-12504

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user s...

6.4CVSS5.7AI score0.00031EPSS
CVE
CVE
added 2014/12/29 8:59 p.m.48 views

CVE-2014-1905

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp...

10CVSS9.6AI score0.17963EPSS
Web
CVE
CVE
added 2025/02/25 3:15 p.m.43 views

CVE-2025-26753

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.

7.5CVSS6.9AI score0.00104EPSS
CVE
CVE
added 2013/09/09 5:55 p.m.40 views

CVE-2013-5714

Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details...

4.3CVSS6.1AI score0.00414EPSS
Web
CVE
CVE
added 2018/03/19 9:29 p.m.32 views

CVE-2014-2297

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overla...

6.1CVSS6AI score0.01426EPSS
Web
CVE
CVE
added 2014/07/01 2:55 p.m.31 views

CVE-2014-4569

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.

4.3CVSS6AI score0.00197EPSS
Web
CVE
CVE
added 2025/05/19 3:15 p.m.24 views

CVE-2025-48255

Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a through 6.2.4.

8.8CVSS4.7AI score0.00022EPSS