Lucene search
Rafael B.WPEX-ID:DECA3CD3-F7CF-469F-9F7E-3612F7AE514DHistoryMay 22, 2023 - 12:00 a.m.
qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-05-2200:00:00
Rafael B.
48
qubotchat
unauthenticated
stored
xss
vulnerability
exploit
0.001 Low
EPSS
Percentile
23.0%
The plugin doesnβt filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
1. Enter `#"><image src=/ onerror=alert("XSS")>` as the malicious payload into the chatbot input.
2. See XSS vulnerability.Related
cve
cve
CVE-2023-2399
2023-06-19 11:15:10
cvelist
cvelist
CVE-2023-2399 qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-06-19 10:52:51
wpvulndb
wpvulndb
qubotchat < 1.1.6 - Unauthenticated Stored XSS
2023-05-22 00:00:00
prion
prion
Input validation
2023-06-19 11:15:00
nvd
nvd
CVE-2023-2399
2023-06-19 11:15:10