Vulnerabilities > Videowhisper > Videowhisper Live Streaming Integration > 4.29.6

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-03	CVE-2023-25699	Unspecified vulnerability in Videowhisper Live Streaming Integration Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. network low complexity videowhisper critical	9.8
2018-03-19	CVE-2014-2297	Cross-site Scripting vulnerability in Videowhisper Live Streaming Integration 4.29.6 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. network low complexity videowhisper CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.