First published: Fri Jan 31 2020(Updated: )
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Videowhisper Webcam | =7.x-1.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2014-8338 is rated as medium with a CVSS score of 6.1.
Remote attackers can exploit this XSS vulnerability by injecting arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter of the affected plugin.
The affected software in CVE-2014-8338 is Videowhisper Webcam version 7.x-1.7 for Drupal.
Yes, you can find more information about CVE-2014-8338 at security websites like Packet Storm Security and SecurityFocus.