Vulnerabilities > Videowhisper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-34759 | Unspecified vulnerability in Videowhisper Picture Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a through 1.5.11. | 5.4 |
| 2024-01-08 | CVE-2023-52213 | Unspecified vulnerability in Videowhisper Rate Star Review Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | 6.1 |
| 2021-08-16 | CVE-2021-34656 | Cross-site Scripting vulnerability in Videowhisper 2Way Videocalls and Random Chat 5.2.7 The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | 6.1 |
| 2021-08-16 | CVE-2021-24512 | Unspecified vulnerability in Videowhisper Video Posts Webcam Recorder 1.55.4 The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. | 5.4 |
| 2020-01-31 | CVE-2014-8338 | Cross-site Scripting vulnerability in Videowhisper Webcam 7.X1.7 Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | 6.1 |
| 2019-12-27 | CVE-2014-4567 | Cross-site Scripting vulnerability in Videowhisper Video Comments Webcam Recorder 1.45/1.45.2/1.55 Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 6.1 |
| 2018-03-19 | CVE-2014-2297 | Cross-site Scripting vulnerability in Videowhisper Live Streaming Integration 4.29.6 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. | 6.1 |