Cross-Site Scripting Vulnerabilities in VideoWhisper Live Streaming Integration Plugin for WordPress
CVE-2013-5714

Currently unrated

Key Information:

Vendor: Wordpress
Status: Live Streaming Integration Plugin
Vendor: CVE Published:; 9 September 2013

Summary

The VideoWhisper Live Streaming Integration plugin for WordPress contains multiple cross-site scripting vulnerabilities in the ls/htmlchat.php file. Attackers can exploit these vulnerabilities to inject arbitrary web scripts or HTML via the 'name' or 'message' parameters. This can potentially lead to unauthorized actions on behalf of the user, making it crucial for site administrators to address these vulnerabilities promptly.

References

http://www.iedb.ir/exploits-402.html

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2013-08/01...

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/54619

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 9, 2013