Lucene search
+L

59 matches found

patchstack
patchstack
added 2024/01/08 12:0 a.m.6 views

WordPress WordPress Live Chat Plugin for WooCommerce – LiveChat Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Live Chat Plugin for WooCommerce – LiveChat Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8bc5490f826...

7AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/01/08 12:0 a.m.4 views

WordPress WordPress Live Chat Plugin for WooCommerce – LiveChat Plugin <= 2.2.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Live Chat Plugin for WooCommerce – LiveChat Type Plugin Vulnerable versions = 2.2.16 Fixed in 2.2.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c6eaa82ffd...

7AI score
Exploits0References2Affected Software1
nvd
nvd
added 2023/12/18 11:15 p.m.25 views

CVE-2023-49821

Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...

8.8CVSS0.0027EPSS
Exploits0References1
osv
osv
added 2023/12/18 11:15 p.m.3 views

CVE-2023-49821

Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...

8.8CVSS7.3AI score
Exploits0References1
prion
prion
added 2023/12/18 11:15 p.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...

6.8CVSS7.2AI score0.0027EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/12/18 10:31 p.m.73 views

CVE-2023-49821

CVE-2023-49821 is a CSRF vulnerability in the WordPress plugin LiveChat – WP Live Chat Plugin for WordPress (affected up to version 4.5.15). The issue stems from missing CSRF checks, enabling potential unauthorized actions by an attacker. Public references indicate the vulnerability exists in ver...

8.8CVSS8.5AI score0.0027EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/12/18 10:31 p.m.15 views

CVE-2023-49821 WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...

5.4CVSS7.3AI score0.0027EPSS
Exploits0References1
cvelist
cvelist
added 2023/12/18 10:31 p.m.23 views

CVE-2023-49821 WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15...

5.4CVSS8.9AI score0.0027EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/12/18 12:0 a.m.4 views

WordPress Plugin LiveChat Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.0027EPSS
Exploits0References3
wpvulndb
wpvulndb
added 2023/12/09 12:0 a.m.22 views

LiveChat < 4.5.16 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS8.6AI score0.0027EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/12/05 12:0 a.m.12 views

WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software LiveChat Type Plugin Vulnerable versions = 4.5.15 Fixed in 4.5.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49821 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fc152f3c5a19 Credits Brandon Roldan Required...

8.8CVSS6.6AI score0.0027EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/04/03 12:1 a.m.42 views

GHSA-HF55-C445-2W97 Cross-site Scripting in @rocket.chat/livechat

A blind self XSS vulnerability exists in RocketChat LiveChat versions lower than 1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...

6.1CVSS5.9AI score0.00758EPSS
Exploits1References5
attackerkb
attackerkb
added 2022/04/01 11:15 p.m.6 views

CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat...

6.1CVSS6.4AI score0.00758EPSS
Exploits1References2
prion
prion
added 2022/04/01 11:15 p.m.18 views

Design/Logic Flaw

A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...

4.3CVSS5.9AI score0.00758EPSS
Exploits1References1Affected Software1
cve
cve
added 2022/04/01 10:17 p.m.98 views

CVE-2022-21830

CVE-2022-21830 concerns a blind self-XSS in Rocket.Chat LiveChat. The vulnerability affects LiveChat versions prior to 1.9, where an attacker could coerce a user into pasting malicious code within the chat, enabling script execution in the victim’s browser. Reported by multiple sources (GHSA, Red...

6.1CVSS5.9AI score0.00758EPSS
Exploits1References1Affected Software1
osv
osv
added 2022/04/01 10:17 p.m.17 views

CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...

6.1CVSS6AI score0.00758EPSS
Exploits1References3
cvelist
cvelist
added 2022/04/01 10:17 p.m.30 views

CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance...

6.1AI score0.00758EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/04/01 12:0 a.m.5 views

RocketChat LiveChat 跨站脚本漏洞

RocketChat LiveChat is a small, lightweight application from RocketChat Inc. designed to provide B2C business-to-customer communication between agents and website visitors. A cross-site scripting vulnerability exists in RocketChat LiveChat versions prior to 1.9, which can be exploited by an...

6.1CVSS6.1AI score0.00758EPSS
Exploits1References2
huntr
huntr
added 2021/06/21 10:43 a.m.5 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description The questionary section of livehelperchat can be modified listing new question . However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️‍♂️ Proof of Concept Install the livechat Go on...

0.1AI score
Exploits0
hackerone
hackerone
added 2021/01/31 8:1 a.m.33 views

Rocket.Chat: Blind XSS

Blind XSS The page located at https://livechat.coinflex.com/livechat suffers from a Cross-site Scripting XSS vulnerability. XSS is a vulnerability which occurs when user input is unsafely encorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject...

4.3CVSS6AI score0.00758EPSS
Exploits1
Rows per page
Query Builder