Lucene search

K
cvelistPatchstackCVELIST:CVE-2023-26538
HistoryJun 13, 2023 - 2:12 p.m.

CVE-2023-26538 WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

2023-06-1314:12:48
CWE-79
Patchstack
www.cve.org
cve-2023-26538
cross site scripting
auth
kamyabsoft chat bee plugin
stored
admin

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

16.0%

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "chat-bee",
    "product": "Chat Bee",
    "vendor": "Kamyabsoft",
    "versions": [
      {
        "lessThanOrEqual": "1.1.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

16.0%

Related for CVELIST:CVE-2023-26538