Cross site scripting

The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability...

CVE-2023-3418

Summary: CVE-2023-3418 corresponds to a stored Cross-Site Scripting (XSS) vulnerability in the Querlo Chatbot WordPress plugin. Concrete details in connected sources show the issue affected Querlo Chatbot WordPress plugin versions up to 1.2.4 (and earlier) and describe that unauthenticated or sub...

CVE-2023-3175

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-3175 AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-3175

The CVE-2023-3175 entry is supported by multiple connected documents describing a stored Cross-Site Scripting vulnerability in the AI ChatBot WordPress plugin prior to version 4.6.1. The issue arises because certain settings are not adequately escaped, allowing high-privilege users (e.g., admins)...

CVE-2023-3175 AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress plugin AI ChatBot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-23447 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.6.1 Description: The issue allows high-privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not adequately escape some settings, eve...

Authors Sue OpenAI: ChatGPT’s Training Methods Challenged in Lawsuit

By Habiba Rashid Another day, another lawsuit against the developers of the groundbreaking AI chatbot ChatGPT. This is a post from HackRead.com Read the original post: Authors Sue OpenAI: ChatGPTs Training Methods Challenged in Lawsuit...

Malicious code in vote-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19c7207472bfc0beece07f85734b2c399c40fc27dd1cfac03ca92492bbbc7cad The OpenSSF Package Analysis project identified 'vote-chatbot' @ 47.47.48 npm as malicious. It is considered malicious because: - The package...

MAL-2023-1338 Malicious code in vote-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19c7207472bfc0beece07f85734b2c399c40fc27dd1cfac03ca92492bbbc7cad The OpenSSF Package Analysis project identified 'vote-chatbot' @ 47.47.48 npm as malicious. It is considered malicious because: - The package...

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. PoC Submit the following in the chat message: """ See the XSS in Querlo...

Querlo Chatbot <= 1.2.4 - Stored Cross-Site Scripting

The plugin does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability. Submit the following in the chat message: """ See the XSS in Querlo...

CVE-2023-2742

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-2811

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot...

CVE-2023-2742

CVE-2023-2742 affects the AI ChatBot WordPress plugin (pre-4.5.5). The vulnerability is a stored XSS due to unsanitized/uncleaned settings in the admin UI, allowing an admin (high-privilege user) to inject scripts even when unfiltered_html is disallowed. Root cause: settings are not sanitized/esc...

CVE-2023-2742 AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-2811 AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot...

CVE-2023-2811

CVE-2023-2811 affects the AI ChatBot WordPress plugin (pre-4.5.6). The issue is due to insufficient sanitisation/escaping of numerous settings, allowing stored cross-site scripting that can impact all admins when configuring the chatbot and all users of the chatbot. The primary root cause is impr...

CVE-2023-2811 AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot...