CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25699 – WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-25699
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en VideoWhisper.Com VideoWhisper Live Streaming Integration permite la inyección de comandos del sistema operativo. Este problema afecta la integración de transmisión en vivo de VideoWhisper: desde n/a hasta 5.5.15. The Live Streaming - Broadcast Live Video Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 5.5.15. This allows unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2297 – Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-2297
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en el plugin VideoWhisper Live Streaming Integration 4.29 para WordPress permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante (1) el parámetro n en ls/htmlchat.php y (2) el parámetro bgcolor en ls/index.php. NOTA: el vector 1 podría solaparse con CVE-2014-1906.4. Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. • http://www.securityfocus.com/archive/1/531773/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •