CVE-2014-4569

Name of the Vulnerable Software and Affected Versions VideoWhisper Live Streaming Integration plugin versions 4.27.2 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the room name parameter in the ls/vv login.php file.

Recommendations For VideoWhisper Live Streaming Integration plugin versions 4.27.2 and earlier, update to a version later than 4.27.2 to resolve the issue. As a temporary workaround, consider restricting access to the ls/vv login.php file or sanitizing input for the room name parameter to minimize the risk of exploitation.