cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12504,https://securityvulnerability.io/vulnerability/CVE-2024-12504,Stored Cross-Site Scripting in Broadcast Live Video Streaming Plugin for WordPress,"The Broadcast Live Video – Live Streaming plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability through the 'videowhisper_hls' shortcode. This flaw arises from inadequate input sanitization and output escaping for user-supplied attributes. As a result, authenticated users with contributor-level access or higher can inject malicious JavaScript into web pages. Such scripts will execute whenever a user visits the compromised page, posing significant security risks to affected sites.",Wordpress,"Broadcast Live Video – Live Streaming : Html5, Webrtc, Hls, Rtsp, Rtmp",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-23T11:13:28.100Z,0