CVE-2014-4570

Name of the Vulnerable Software and Affected Versions VideoWhisper Video Presentation plugin versions prior to 3.31

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the room name parameter to c login.php and the room parameter to index.php in vp/ are vulnerable.

Recommendations For versions prior to 3.31, update to version 3.31 or later to resolve the issue. As a temporary workaround, consider restricting access to the c login.php and index.php files in vp/ to minimize the risk of exploitation. Avoid using the room name and room parameters in the affected API endpoints until the issue is resolved.