1134 matches found
CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebytechatbotexportmessages' function. This makes it possible for...
CVE-2025-11952
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-11952
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
EUVD-2025-35339
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-11952
CVE-2025-11952 describes a stored XSS in Oct8ne Chatbot v2.3. The flaw arises from input validation failure when creating a mail transcript via /Records/SendSummaryMail, allowing injected JavaScript to run in a victim's browser. Impact stated: potential theft of sensitive data (e.g., session cook...
CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
Oct8ne Chatbot 跨站脚本漏洞
Oct8ne Chatbot is a chatbot from Oct8ne, Inc. A cross-site scripting vulnerability exists in Oct8ne Chatbot version 2.3, which stems from failure to validate input when creating a mail record via /Records/SendSummaryMail, which could lead to a stored cross-site scripting attack...
CVE-2025-8349
Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...
CVE-2025-11256
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
EUVD-2025-34984
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
CVE-2025-11256
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
CVE-2025-11256
CVE-2025-11256 refers to the WordPress plugin Kognetiks Chatbot (versions ≤ 2.3.5). The vulnerability arises from a missing capability check in multiple functions, enabling unauthenticated attackers to perform data modification, upload limited safe files, and erase conversations. Wordfence notes ...
CVE-2025-11256 Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
WordPress Kognetiks Chatbot plugin <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing vulnerability
Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Kognetiks Chatbot for WordPress versions = 2.3.5...
WordPress plugin Kognetiks Chatbot 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... An authorization...
MAL-2025-48468 Malicious code in @institute-of-data-management/n11-chatbot (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @institute-of-data-management/n11-chatbot (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-10869
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-10869
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...