CVE-2014-1906
Published Mar 6, 2014
Last updated 7 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A950AF58-B660-48FA-9E55-8C4744C08CB5",
"versionEndIncluding": "4.27.4"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C3113C-387A-4749-8361-619C93D08014"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B486B92A-9357-457F-A633-208AD9C5FF02"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DC6CC23-0363-49EC-9025-049E7C9CBB99"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A97D9527-A5D0-496B-823B-F3603C66039F"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD22D533-0ED0-4064-BE06-E1E2DF841B00"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A01AF49-B97A-421A-B0E5-DCAA2BA6927F"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28DEFF7E-9696-4774-8042-F9AD50B89AE9"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE9DF77-08B9-4DD6-9FD3-B18878893E9E"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB6D9AF7-A6FC-449A-99A8-73B1751EB2F7"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27EB1FE0-F754-4B66-961F-1566873FB696"
}
],
"operator": "OR"
}
]
}
]