CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24512 – Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS
https://notcve.org/view.php?id=CVE-2021-24512
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. El plugin Video Posts Webcam Recorder WordPress versiones anteriores a 3.2.4, presenta una vulnerabilidad de tipo cross site scripting (XSS) reflejado y autenticado en una de las funciones administrativas para manejar la eliminación de vídeos. The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has a reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. • https://wpscan.com/vulnerability/458a576e-a7ed-4758-a80c-cd08c370aaf4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2015-9271 – Webcam Video Conference <= 4.91.8 - Unrestricted File Upload leading to Remote Code Execuction
https://notcve.org/view.php?id=CVE-2015-9271
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. El plugin videowhisper-video-conference-integration de VideoWhisper en su versión 4.91.8 para WordPress permite que los atacantes remotos ejecuten código arbitrario porque vc/vw_upload.php considera que un archivo es seguro cuando "html" son las últimas cuatro letras, tal y como queda demostrado con un archivo .phtml que contiene código PHP. Esta es una vulnerabilidad diferente a CVE-2014-1905. • http://www.vapidlabs.com/advisory.php?v=116 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2015-9272 – VideoWhisper Video Presentation <= 4.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-9272
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. El plugin videowhisper-video-presentation en su versión 3.31.17 para WordPress permite que los atacantes remotos ejecuten código arbitrario porque vp/vw_upload.php considera que un archivo es seguro cuando "html" son las últimas cuatro letras, tal y como queda demostrado con un archivo .phtml que contiene código PHP. The videowhisper-video-presentation plugin 4.1.4 and below for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. • http://www.vapidlabs.com/advisory.php?v=117 https://www.openwall.com/lists/oss-security/2015/04/01/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8338 – Drupal 7 Videowhisper Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-8338
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo vwrooms/js/jsor-jcarousel/examples/special_textscroller.php en los plugins VideoWhisper Webcam para Drupal versiones 7.x, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL a un archivo SVG creado en el parámetro feed. • https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html https://www.securityfocus.com/archive/1/533921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 2CVE-2014-4569 – Broadcast Live Video – Live Streaming < 4.27.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4569
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. Vulnerabilidad de XSS en ls/vv_login.php en el plugin VideoWhisper Live Streaming Integration 4.27.2 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro room_name. • http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68321 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •