CVE-2013-5714
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
Multiples vulnerabilidades cross-site scripting (XSS) en ls/htmlchar.php de la extensión para WordPress, VideoWhisper Live Streaming Integration 4.25.3 y posiblemente anteriores permite a un atacate remoto inyectar script web o HTML a discrección a través del parámetro (1) name o (2) message. NOTA: algunos de esos detalles son obtenidos de información de terceros.
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter.
*Credits:
Iranian Exploit DataBase
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-08-23 CVE Published
- 2013-09-09 CVE Reserved
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/96593 | Vdb Entry | |
| http://www.securityfocus.com/bid/61977 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html | 2024-09-17 | |
| http://www.iedb.ir/exploits-402.html | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/54619 | 2013-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | <= 4.25.3 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version " <= 4.25.3" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 1.0.2 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "1.0.2" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 2.0 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "2.0" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 2.1 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "2.1" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 2.2 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "2.2" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 4.05 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "4.05" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 4.07 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "4.07" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|
| Videowhisper Search vendor "Videowhisper" | Live Streaming Integration Plugin Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" | 4.25 Search vendor "Videowhisper" for product "Live Streaming Integration Plugin" and version "4.25" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | - | - |
Safe
|