Lucene search

[email protected]NVD:CVE-2023-51371

HistoryDec 29, 2023 - 11:15 a.m.

CVE-2023-51371

2023-12-2911:15:09

CWE-79

[email protected]

web.nvd.nist.gov

bit assist chat

stored xss

cross-site scripting

vulnerability

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.

Affected configurations

Nvd

Node

bitappsbit_assistRange≤1.1.9wordpress

VendorProductVersionCPE
bitappsbit_assist*cpe:2.3:a:bitapps:bit_assist:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
bitapps	bit_assist	*	cpe:2.3:a:bitapps:bit_assist::::::wordpress::*

References

patchstack.com/database/vulnerability/bit-assist/wordpress-chat-button-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve