CVE-2023-49175

2023-12-1515:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-49175

cross-site scripting

kreativo pro

kp fastest tawk.to chat

nvd

security vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.

Affected configurations

Vulners

NVD

Node

kreativo_prokp_fastest_tawk.to_chatRange≤1.1.1

CPENameOperatorVersion
kreativopro:kp_fastest_tawk.to_chatkreativopro kp fastest tawk.to chatle1.1.1

CPE	Name	Operator	Version
kreativopro:kp_fastest_tawk.to_chat	kreativopro kp fastest tawk.to chat	le	1.1.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "kp-fastest-tawk-to-chat",
    "product": "KP Fastest Tawk.to Chat",
    "vendor": "Kreativo Pro",
    "versions": [
      {
        "lessThanOrEqual": "1.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/kp-fastest-tawk-to-chat/wordpress-kp-fastest-tawk-to-chat-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve