Summary
This host has the WordPress VideoWhisper Live Streaming Integration Plugin installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary script code in a user's browser session, within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to version 4.27.3 or later. For updates, refer to http://wordpress.org/plugins/videowhisper-live-streaming-integration
Insight
Input passed via the 'room_name' GET parameter to the ls/vv_login.php script is not properly sanitised before being returned to the user.
Affected
WordPress VideoWhisper Live Streaming Integration Plugin version 4.27.2 and prior.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
Severity
Classification
CVE: CVE-2014-4569
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N