CVE-2021-24512 – Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS
https://notcve.org/view.php?id=CVE-2021-24512
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. El plugin Video Posts Webcam Recorder WordPress versiones anteriores a 3.2.4, presenta una vulnerabilidad de tipo cross site scripting (XSS) reflejado y autenticado en una de las funciones administrativas para manejar la eliminación de vídeos. The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has a reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. • https://wpscan.com/vulnerability/458a576e-a7ed-4758-a80c-cd08c370aaf4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8338 – Drupal 7 Videowhisper Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-8338
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo vwrooms/js/jsor-jcarousel/examples/special_textscroller.php en los plugins VideoWhisper Webcam para Drupal versiones 7.x, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL a un archivo SVG creado en el parámetro feed. • https://packetstormsecurity.com/files/128997/Drupal-7-Videowhisper-Cross-Site-Scripting.html https://www.securityfocus.com/archive/1/533921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4567 – HTML5 Webcam Microphone Recorder Forms < 1.55 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4567
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo comments/videowhisper2/r_logout.php en el plugin Video Comments Webcam Recorder versión 1.55, como se descargó antes de 20140116 para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro message. • http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4568 – Video Posts Webcam Recorder <= 1.55.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4568
Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. Vulnerabilidad de XSS en posts/videowhisper/r_logout.php en el plugin Video Posts Webcam Recorder 1.55.4 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro message. • http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839990%40video-posts-webcam-recorder&old=686450%40video-posts-webcam-recorder&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •