PT-2014-4880 · Drupal · Videowhisper Webcam+1
Publicado
2014-04-28
·
Atualizado
2018-10-09
·
CVE-2014-2715
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
VideoWhisper Webcam plugins for Drupal versions 7.x
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the
module or message parameter to "index.php".Recommendations
For VideoWhisper Webcam plugins for Drupal version 7.x, update the vwroomstemplateslogout.tpl.php file to prevent XSS injections via the
module and message parameters.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal
Videowhisper Webcam