CVE-2014-1906

Name of the Vulnerable Software and Affected Versions VideoWhisper Live Streaming Integration plugin versions prior to 4.29.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various parameters in different files, including the m parameter to "lb status.php", the msg parameter to "vc chatlog.php", the n parameter to "channel.php", "htmlchat.php", "video.php", or "videotext.php", the message parameter to "lb logout.php", or the ct parameter to "lb status.php" or "v status.php" in the "ls/" directory.

Recommendations For VideoWhisper Live Streaming Integration plugin versions prior to 4.29.5, update to version 4.29.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as m, msg, n, message, and ct, in the affected files until a patch is applied.