Lucene search
HistoryJun 19, 2023 - 11:15 a.m.
CVE-2023-2399
qubot
wordpress
code injection
user dashboard
compromise
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.3%
The QuBot WordPress plugin before 1.1.6 doesn’t filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
Affected configurations
Node
qudataqubotRange<1.1.6
CNA Affected
[
{
"vendor": "Unknown",
"product": "QuBot",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cvelist
cvelist
CVE-2023-2399 qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-06-19 10:52:51
prion
prion
Input validation
2023-06-19 11:15:00
nvd
nvd
CVE-2023-2399
2023-06-19 11:15:10
wpvulndb
wpvulndb
qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-05-22 00:00:00
wpexploit
wpexploit
qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-05-22 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.3%
Related for CVE-2023-2399