CVE-2014-1906

2014-03-0615:55:28

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-1906

cross-site scripting

xss

videowhisper live streaming integration

wordpress

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.

Affected configurations

NVD

Node

videowhisperlive_streaming_integration_pluginRange≤4.27.4

videowhisperlive_streaming_integration_pluginMatch1.0.2

videowhisperlive_streaming_integration_pluginMatch2.0

videowhisperlive_streaming_integration_pluginMatch2.1

videowhisperlive_streaming_integration_pluginMatch2.2

videowhisperlive_streaming_integration_pluginMatch4.05

videowhisperlive_streaming_integration_pluginMatch4.07

videowhisperlive_streaming_integration_pluginMatch4.25

videowhisperlive_streaming_integration_pluginMatch4.25.3

videowhisperlive_streaming_integration_pluginMatch4.27

videowhisperlive_streaming_integration_pluginMatch4.27.3

CPENameOperatorVersion
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration pluginle4.27.4
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq1.0.2
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.0
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.1
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.2
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.05
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.07
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.25
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.25.3
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.27

CPE	Name	Operator	Version
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	le	4.27.4
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	1.0.2
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.0
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.1
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.2
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.05
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.07
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.25
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.25.3
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.27