VideoWhisper Live Streaming Integration plugin 4.25

CPE Details

VideoWhisper Live Streaming Integration plugin 4.25
videowhisper
live_streaming_integration_plugin
4.25
2013-09-10
15h03 +00:00
2013-09-12
13h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*

Informations

Vendor

videowhisper

Product

live_streaming_integration_plugin

Version

4.25

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-1906 2014-03-06 14h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.
4.3
CVE-2014-1907 2014-03-06 14h00 +00:00 Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
6.4
CVE-2013-5714 2013-09-09 17h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
4.3