Lucene search

[email protected]CVE-2023-25710

HistoryApr 25, 2023 - 12:15 p.m.

CVE-2023-25710

2023-04-2512:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve

2023

25710

auth

admin+

stored

cross-site scripting

xss

vulnerability

digitalblue

click to call

chat buttons

plugin

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

17.2%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

VendorProductVersionCPE
digitalblueclick_to_call_or_chat_buttons*cpe:2.3:a:digitalblue:click_to_call_or_chat_buttons:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
digitalblue	click_to_call_or_chat_buttons	*	cpe:2.3:a:digitalblue:click_to_call_or_chat_buttons::::::::

References

patchstack.com/database/vulnerability/click-to-call-or-chat-buttons/wordpress-click-to-call-or-chat-buttons-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVE-2023-25710

cvelist1 prion1 wpvulndb1 wordfence1