WordPress VideoWhisper Live Streaming Integration Plugin XSS Vulnerability Network Vulnerability

Summary

This host is installed with WordPress VideoWhisper Live Streaming Integration Plugin and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application

Solution

Upgrade to version 4.27.3 or later. For updates refer http://wordpress.org/plugins/videowhisper-live-streaming-integration

Insight

Input passed via the 'room_name' GET parameter to ls/vv_login.php script is not properly sanitised before returning to the user.

Affected

WordPress VideoWhisper Live Streaming Integration Plugin version 4.27.2 and prior.

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss
http://www.osvdb.com/108323
http://xforce.iss.net/xforce/xfdb/94207

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4569
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat DOS Device Name XSS
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities