Lucene search
K

165 matches found

Prion
Prion
added 2023/05/09 11:15 a.m.21 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin = 2.2 versions...

4.3CVSS4.8AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/09 10:40 a.m.53 views

CVE-2023-23734

The CVE-2023-23734 issue affects the WordPress plugin Userlike – WordPress Live Chat (David Voswinkel) versions ≤ 2.2. It is an authenticated Stored XSS vulnerability (admin+), caused by insufficient sanitization/escaping of settings, enabling an administrator to inject scripts executed by other ...

5.9CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/09 12:0 a.m.22 views

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...

8.8CVSS6.7AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/24 7:15 p.m.6 views

CVE-2023-0899

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins...

6.1CVSS6.8AI score0.00458EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/06 12:0 a.m.8 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting XSS attack by inserting unsafe HTML into them...

4.3CVSS5.3AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.8 views

PT-2022-24865 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.9 Description: The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.18 views

WordPress WP Social Chat plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress WP Social Chat plugin versions = 6.0.4. Solution Update the WordPress WP Social Chat plugin to the latest available version at least 6.0.5...

4.8CVSS2AI score0.00513EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.4 views

WordPress plugin Free Live Chat Support 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Free Live Chat Support...

8.8CVSS7.8AI score0.0053EPSS
Exploits0References3
Prion
Prion
added 2022/06/21 7:15 p.m.19 views

Design/Logic Flaw

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

4CVSS6.4AI score0.00542EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/06/21 7:0 p.m.8 views

CVE-2022-31095 Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

4.3CVSS6.8AI score0.00542EPSS
Exploits0References3
CVE
CVE
added 2022/06/21 7:0 p.m.69 views

CVE-2022-31095

The CVE-2022-31095 affects the discourse-chat plugin for Discourse. Versions prior to 0.4 allow an attacker who knows a channel message ID to view that message via the chat message lookup endpoint, primarily impacting direct message channels. There are no known workarounds; remediation is to upda...

6.5CVSS5.3AI score0.00542EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/21 12:0 a.m.7 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in the Discourse plugin discourse-chat prior to version 0.4. An attacker could exploit this vulnerability to obtain...

6.5CVSS6.5AI score0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/21 12:0 a.m.8 views

PT-2022-20523 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.4 Description: The issue affects the discourse-chat plugin for the Discourse application, allowing an attacker who knows the message ID for a channel they do not have access to, to view that message using th...

6.5CVSS6.4AI score0.00542EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.5 views

Jenkins RocketChat Notifier Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins RocketChat Notifier Plugin 1.4.10...

4.3CVSS5.4AI score0.00583EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/02/16 12:0 a.m.36 views

WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Philippe Dourassov Patchstack Alliance in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

6.1CVSS3AI score0.00692EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/05/24 12:0 a.m.14 views

WordPress iFlyChat – WordPress Chat plugin <= 4.6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Kishore Hariram in WordPress iFlyChat – WordPress Chat plugin versions = 4.6.4. Solution Update the WordPress iFlyChat – WordPress Chat plugin to the latest available version at least 4.7.0...

4.8CVSS0.9AI score0.00613EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/07/09 12:0 a.m.15 views

WordPress Wise Chat plugin <= 2.8.3 - CSV Injection vulnerability

CSV Injection vulnerability found by Vishnupriya Ilango Fortinet's FortiGuard Labs in WordPress Wise Chat plugin versions = 2.8.3. Solution Update the WordPress Wise Chat plugin to the latest available version at least 2.8.4...

3AI score
Exploits0References2Affected Software1
Prion
Prion
added 2019/11/02 3:15 p.m.20 views

Sql injection

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

7.5CVSS9.4AI score0.02314EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2019/10/14 12:0 a.m.5 views

WordPress wp-live-chat-support plugin cross-site scripting vulnerability (CNVD-2019-36074)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-live-chat-support plugin is a live chat plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00915EPSS
Exploits1References1
CNVD
CNVD
added 2019/08/14 12:0 a.m.22 views

WordPress wp-live-chat-support plugin cross-site scripting vulnerability (CNVD-2019-27637)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-live-chat-support plugin is a live chat plugin used in it. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.2AI score0.01211EPSS
Exploits0References1
Rows per page
Query Builder