CVE-2014-2297

NONE EPSS 62.8%
Published Mar 19, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 19, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.

Threat Intelligence

EPSS Exploit Probability
62.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
videowhispervideowhisper_live_streaming_integration4.29.6any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.