Vulnerabilites related to videowhisper - live_streaming_integration_plugin
CVE-2013-5714 (GCVE-0-2013-5714)
Vulnerability from cvelistv5
Published
2013-09-09 17:00
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iedb.ir/exploits-402.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/54619 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/61977 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/96593 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:29.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iedb.ir/exploits-402.html"
},
{
"name": "20130823 Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html"
},
{
"name": "54619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54619"
},
{
"name": "61977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61977"
},
{
"name": "96593",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96593"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-09T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iedb.ir/exploits-402.html"
},
{
"name": "20130823 Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html"
},
{
"name": "54619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54619"
},
{
"name": "61977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61977"
},
{
"name": "96593",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96593"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iedb.ir/exploits-402.html",
"refsource": "MISC",
"url": "http://www.iedb.ir/exploits-402.html"
},
{
"name": "20130823 Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html"
},
{
"name": "54619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54619"
},
{
"name": "61977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61977"
},
{
"name": "96593",
"refsource": "OSVDB",
"url": "http://osvdb.org/96593"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5714",
"datePublished": "2013-09-09T17:00:00Z",
"dateReserved": "2013-09-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:10.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1906 (GCVE-0-2014-1906)
Vulnerability from cvelistv5
Published
2014-03-06 15:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/125454 | x_refsource_MISC | |
| https://www.htbridge.com/advisory/HTB23199 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91477 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141906-xss(91477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141906-xss(91477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91477"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/125454",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125454"
},
{
"name": "https://www.htbridge.com/advisory/HTB23199",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141906-xss(91477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91477"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1906",
"datePublished": "2014-03-06T15:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1907 (GCVE-0-2014-1907)
Vulnerability from cvelistv5
Published
2014-03-06 15:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/125454 | x_refsource_MISC | |
| https://www.htbridge.com/advisory/HTB23199 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91478 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141907-dir-trav(91478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141907-dir-trav(91478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/125454",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125454"
},
{
"name": "https://www.htbridge.com/advisory/HTB23199",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"name": "videowhisper-cve20141907-dir-trav(91478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1907",
"datePublished": "2014-03-06T15:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-03-06 15:55
Modified
2025-08-20 13:03
Severity ?
Summary
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A950AF58-B660-48FA-9E55-8C4744C08CB5",
"versionEndIncluding": "4.27.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C3113C-387A-4749-8361-619C93D08014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B486B92A-9357-457F-A633-208AD9C5FF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC6CC23-0363-49EC-9025-049E7C9CBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A97D9527-A5D0-496B-823B-F3603C66039F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "28DEFF7E-9696-4774-8042-F9AD50B89AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6D9AF7-A6FC-449A-99A8-73B1751EB2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27EB1FE0-F754-4B66-961F-1566873FB696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.05:*:*:*:*:*:*:*",
"matchCriteriaId": "6B13C2E4-3517-4080-AF5E-56B1B7ED8550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.07:*:*:*:*:*:*:*",
"matchCriteriaId": "64353A4D-E281-45A1-B685-6B8577AACC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6FFAF8-7139-43CE-981E-3AF3B5696DDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en el plugin VideoWhisper Live Streaming Integration anterior a 4.29.5 para WordPress permiten a atacantes remotos (1) leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro s hacia ls/rtmp_login.php o (2) eliminar archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro s hacia ls/rtmp_logout.php."
}
],
"id": "CVE-2014-1907",
"lastModified": "2025-08-20T13:03:49.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T15:55:28.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91478"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 15:55
Modified
2025-08-20 13:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A950AF58-B660-48FA-9E55-8C4744C08CB5",
"versionEndIncluding": "4.27.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C3113C-387A-4749-8361-619C93D08014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B486B92A-9357-457F-A633-208AD9C5FF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC6CC23-0363-49EC-9025-049E7C9CBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A97D9527-A5D0-496B-823B-F3603C66039F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "28DEFF7E-9696-4774-8042-F9AD50B89AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6D9AF7-A6FC-449A-99A8-73B1751EB2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27EB1FE0-F754-4B66-961F-1566873FB696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.05:*:*:*:*:*:*:*",
"matchCriteriaId": "6B13C2E4-3517-4080-AF5E-56B1B7ED8550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.07:*:*:*:*:*:*:*",
"matchCriteriaId": "64353A4D-E281-45A1-B685-6B8577AACC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6FFAF8-7139-43CE-981E-3AF3B5696DDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el plugin VideoWhisper Live Streaming Integration anterior a 4.29.5 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro m hacia lb_status.php; (2) el par\u00e1metro msg hacia vc_chatlog.php; el par\u00e1metro n hacia (3) channel.php, (4) htmlchat.php, (5) video.php o (6) videotext.php; (7) el par\u00e1metro message hacia lb_logout.php o el par\u00e1metro ct hacia (8) lb_status.php o (9) v_status.php en ls/."
}
],
"id": "CVE-2014-1906",
"lastModified": "2025-08-20T13:03:49.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-06T15:55:28.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91477"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23199"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-09 17:55
Modified
2025-08-20 13:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0DCB04-CD0C-4496-B096-317C9474369B",
"versionEndIncluding": "4.25.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C3113C-387A-4749-8361-619C93D08014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B486B92A-9357-457F-A633-208AD9C5FF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC6CC23-0363-49EC-9025-049E7C9CBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A97D9527-A5D0-496B-823B-F3603C66039F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "28DEFF7E-9696-4774-8042-F9AD50B89AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.05:*:*:*:*:*:*:*",
"matchCriteriaId": "6B13C2E4-3517-4080-AF5E-56B1B7ED8550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.07:*:*:*:*:*:*:*",
"matchCriteriaId": "64353A4D-E281-45A1-B685-6B8577AACC45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades cross-site scripting (XSS) en ls/htmlchar.php de la extensi\u00f3n para WordPress, VideoWhisper Live Streaming Integration 4.25.3 y posiblemente anteriores permite a un atacate remoto inyectar script web o HTML a discrecci\u00f3n a trav\u00e9s del par\u00e1metro (1) name o (2) message. NOTA: algunos de esos detalles son obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2013-5714",
"lastModified": "2025-08-20T13:03:49.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-09T17:55:06.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96593"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54619"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.iedb.ir/exploits-402.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.iedb.ir/exploits-402.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61977"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}