59 matches found
WordPress WordPress Live Chat Plugin for WooCommerce – LiveChat Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress Live Chat Plugin for WooCommerce – LiveChat Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8bc5490f826...
WordPress WordPress Live Chat Plugin for WooCommerce – LiveChat Plugin <= 2.2.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress Live Chat Plugin for WooCommerce – LiveChat Type Plugin Vulnerable versions = 2.2.16 Fixed in 2.2.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c6eaa82ffd...
CVE-2023-49821
Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...
CVE-2023-49821
Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...
CVE-2023-49821
CVE-2023-49821 is a CSRF vulnerability in the WordPress plugin LiveChat – WP Live Chat Plugin for WordPress (affected up to version 4.5.15). The issue stems from missing CSRF checks, enabling potential unauthorized actions by an attacker. Public references indicate the vulnerability exists in ver...
CVE-2023-49821 WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...
CVE-2023-49821 WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...
WordPress Plugin LiveChat Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
LiveChat < 4.5.16 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software LiveChat Type Plugin Vulnerable versions = 4.5.15 Fixed in 4.5.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49821 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fc152f3c5a19 Credits Brandon Roldan Required...
GHSA-HF55-C445-2W97 Cross-site Scripting in @rocket.chat/livechat
A blind self XSS vulnerability exists in RocketChat LiveChat versions lower than 1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat...
Design/Logic Flaw
A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...
CVE-2022-21830
CVE-2022-21830 concerns a blind self-XSS in Rocket.Chat LiveChat. The vulnerability affects LiveChat versions prior to 1.9, where an attacker could coerce a user into pasting malicious code within the chat, enabling script execution in the victim’s browser. Reported by multiple sources (GHSA, Red...
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...
RocketChat LiveChat 跨站脚本漏洞
RocketChat LiveChat is a small, lightweight application from RocketChat Inc. designed to provide B2C business-to-customer communication between agents and website visitors. A cross-site scripting vulnerability exists in RocketChat LiveChat versions prior to 1.9, which can be exploited by an...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description The questionary section of livehelperchat can be modified listing new question . However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept Install the livechat Go on...
Rocket.Chat: Blind XSS
Blind XSS The page located at https://livechat.coinflex.com/livechat suffers from a Cross-site Scripting XSS vulnerability. XSS is a vulnerability which occurs when user input is unsafely encorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject...