Lucene search
WPScanCVELIST:CVE-2021-25016HistoryJan 03, 2022 - 12:49 p.m.
CVE-2021-25016 Chaty < 2.8.3 - Reflected Cross-Site Scripting
2022-01-0312:49:12
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
43.6%
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
CNA Affected
[
{
"product": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2.8.3",
"versionType": "custom"
}
]
},
{
"product": "Floating Chat Widget Pro - Chaty Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.8.2",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting
2021-12-06 00:00:00
patchstack
patchstack
openvas
openvas
WordPress Chaty Pro Plugin < 2.8.2 XSS Vulnerability
2022-06-20 00:00:00
WordPress Chaty Plugin < 2.8.4 XSS Vulnerability
2022-06-20 00:00:00
cnvd
cnvd
WordPress Chaty Cross-Site Scripting Vulnerability (CNVD-2022-03904)
2022-01-05 00:00:00
nuclei
nuclei
Chaty < 2.8.2 - Cross-Site Scripting
2023-10-16 18:37:06
cve
cve
CVE-2021-25016
2022-01-03 13:15:08
prion
prion
Cross site scripting
2022-01-03 13:15:00
nvd
nvd
CVE-2021-25016
2022-01-03 13:15:08
wpexploit
wpexploit
Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting
2021-12-06 00:00:00