4.3

CVE-2014-4569

Exploit

Broadcast Live Video – Live Streaming < 4.27.4 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
Mögliche Gegenmaßnahme
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: Update to version 4.27.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
Version [*, 4.27.4)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideowhisperVideowhisper Live Streaming Integration SwPlatformwordpress Version <= 4.27
VideowhisperVideowhisper Live Streaming Integration Version1.0.2 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version2.0 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version2.1 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version2.2 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version4.05 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version4.07 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version4.25 SwPlatformwordpress
VideowhisperVideowhisper Live Streaming Integration Version4.27.2 SwPlatformwordpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.387
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.