
25 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-25137

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 8.6 · EPSS 0.00155
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-30290

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00092
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 9:58 a.m. · 3 views

CVE-2024-27963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44...

CVSS 6.5 · AI score 8.6 · EPSS 0.00155
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:36 p.m. · 3 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS 8.8 · AI score 6.8 · EPSS 0.00092
Exploits 0

OSSF Malicious Packages
added 2025/05/04 9:45 a.m. · 2 views

Malicious code in crisp-import-conversations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 695e694069b00b1d669921e34a38537e57d625a52cebab80f5ae8af1221b8377 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 · References 1

OSV
added 2024/03/21 5:15 p.m. · 0 views

CVE-2024-27963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44...

CVSS 5.4 · AI score 7.3
Exploits 0 · References 1

NVD
added 2024/03/21 5:15 p.m. · 6 views

CVE-2024-27963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44...

CVSS 6.5 · AI score 6.4 · EPSS 0.00155
Exploits 0 · References 1

CVE
added 2024/03/21 4:45 p.m. · 59 views

CVE-2024-27963

CVE-2024-27963 affects the Crisp – Live Chat and Chatbot WordPress plugin. It is a Stored XSS vulnerability due to improper neutralization of input in Crisp, affecting versions up to 0.44. Connected entries confirm the issue and indicate a patch has been issued (exact patched version not specifie...

CVSS 6.5 · AI score 8.6 · EPSS 0.00155
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/03/21 4:45 p.m. · 11 views

CVE-2024-27963 WordPress Crisp – Live Chat and Chatbot plugin <= 0.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44...

CVSS 6.5 · AI score 6.7 · EPSS 0.00155
Exploits 0 · References 1

Cvelist
added 2024/03/21 4:45 p.m. · 11 views

CVE-2024-27963 WordPress Crisp – Live Chat and Chatbot plugin <= 0.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44...

CVSS 6.5 · AI score 6.6 · EPSS 0.00155
Exploits 0 · References 1

Positive Technologies
added 2024/03/21 12:0 a.m. · 2 views

PT-2024-22168 · Crisp · Crisp

Name of the Vulnerable Software and Affected Versions: Crisp versions 0.44 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious...

CVSS 6.5 · AI score 9.1 · EPSS 0.00155
Exploits 0 · References 7

CNNVD
added 2024/03/21 12:0 a.m. · 0 views

WordPress Plugin Crisp security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5 · AI score 7.4 · EPSS 0.00155
Exploits 0 · References 2

WPVulnDB
added 2024/03/20 12:0 a.m. · 11 views

Crisp < 0.45 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Crisp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrar...

CVSS 6.5 · AI score 5.9 · EPSS 0.00155
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/03/13 12:0 a.m. · 5 views

WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)

Software Crisp Type Plugin Vulnerable versions = 0.44 Fixed in 0.45 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27963 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d24f23d72736 Credits stealthcopter Required privilege Subscriber...

CVSS 6.5 · AI score 6.5 · EPSS 0.00155
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2022/01/21 12:0 a.m. · 25 views

WordPress Crisp Live Chat plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a...

CVSS 8.8 · AI score 1.5 · EPSS 0.00092
Exploits 0 · References 1

OSV
added 2022/01/18 5:15 p.m. · 0 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS 8.8 · AI score 5.8 · EPSS 0.00092
Exploits 0 · References 2

NVD
added 2022/01/18 5:15 p.m. · 9 views

CVE-2021-43353

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS 8.8 · EPSS 0.00092
Exploits 0 · References 2

Prion
added 2022/01/18 5:15 p.m. · 8 views

Cross site request forgery (csrf)

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS 6.8 · AI score 8.5 · EPSS 0.00092
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/01/18 4:52 p.m. · 48 views

CVE-2021-43353

The CVE-2021-43353 entry concerns the WordPress Crisp Live Chat plugin, where a Cross-Site Request Forgery (CSRF) vulnerability arises from missing nonce validation in the crisp_plugin_settings_page function (crisp.php), affecting versions up to 0.31. This CSRF flaw enables an attacker to inject ...

CVSS 8.8 · AI score 8.7 · EPSS 0.00092
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/01/18 4:52 p.m. · 6 views

CVE-2021-43353 Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

CVSS 8.8 · AI score 8.7 · EPSS 0.00092
Exploits 0 · References 2