Lucene search

PatchstackCVE-2024-27963

HistoryMar 21, 2024 - 5:15 p.m.

CVE-2024-27963

2024-03-2117:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cve

2024

27963

stored xss

crisp

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44.

Affected configurations

Vulners

Node

crisplive_chatRange≤0.44wordpress

VendorProductVersionCPE
crisplive_chat*cpe:2.3:a:crisp:live_chat:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
crisp	live_chat	*	cpe:2.3:a:crisp:live_chat::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "crisp",
    "product": "Crisp",
    "vendor": "Crisp",
    "versions": [
      {
        "changes": [
          {
            "at": "0.45",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.44",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/crisp/wordpress-crisp-live-chat-and-chatbot-plugin-0-44-cross-site-scripting-xss-vulnerability?_s_id=cve