CVE-2013-5714

Videowhisper Live Streaming Integration < 4.25.3 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.

References (5)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html

[Third Party Advisory, VDB Entry] http://osvdb.org/96593

[Vendor Advisory] http://secunia.com/advisories/54619

[Exploit] http://www.iedb.ir/exploits-402.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61977

Scores

EPSS 0.0041

EPSS Percentile 61.3%

Details

CWE

CWE-79

Status published

Products (9)

videowhisper/videowhisper_live_streaming_integration < 4.25.3

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

videowhisper/videowhisper_live_streaming_integration

n/a/n/a

Published Sep 09, 2013

Tracked Since Feb 18, 2026