CVE-2014-4567 – HTML5 Webcam Microphone Recorder Forms < 1.55 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-4567

Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo comments/videowhisper2/r_logout.php en el plugin Video Comments Webcam Recorder versión 1.55, como se descargó antes de 20140116 para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro message. • http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •