Lucene search
PRIOn knowledge basePRION:CVE-2023-5606HistoryNov 02, 2023 - 9:15 a.m.
Cross site scripting
2023-11-0209:15:00
PRIOn knowledge base
www.prio-n.com
1
cross site scripting
wordpress
stored xss
faq builder
input sanitization
output escaping
multi-site installations
unfiltered_html
cve-2023-4253
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ai_chatbot | ge | 4.8.6 | |
| ai_chatbot | lt | 4.9.7 |
Related
cvelist
cvelist
CVE-2023-5606
2023-11-02 08:31:43
CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-09-04 11:26:57
nvd
nvd
CVE-2023-5606
2023-11-02 09:15:08
CVE-2023-4253
2023-09-04 12:15:10
cve
cve
CVE-2023-5606
2023-11-02 09:15:08
CVE-2023-4253
2023-09-04 12:15:10
wpvulndb
wpvulndb
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
2023-11-23 00:00:00
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-08-08 00:00:00
prion
prion
Cross site scripting
2023-09-04 12:15:00
wpexploit
wpexploit
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-08-08 00:00:00
wordfence
wordfence