CVE-2014-2715 – VideoWhisper 7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-2715
Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php. Múltiples vulnerabilidades de XSS en vwrooms\templates\logout.tpl.php en los plugins VideoWhisper Webcam para Drupal 7.x permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro (1) module o (2) message hacia index.php. VideoWhisper version 7 for Drupal suffers from a cross site scripting vulnerability. • http://secunia.com/advisories/58306 http://www.securityfocus.com/archive/1/531935/100/0/threaded http://www.securityfocus.com/bid/67069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •