Lucene search
WpvulndbWPVDB-ID:2EA59637-E788-4D18-9D05-B8AD812CA236HistoryNov 23, 2023 - 12:00 a.m.
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
2023-11-2300:00:00
wpscan.com
14
wordpress
stored cross-site scripting
faq builder
authentication
administrator
input sanitization
output escaping
multi-site installation
unfiltered html
cve-2023-4253
Description The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 4.9.7 |
Related
cvelist
cvelist
CVE-2023-5606
2023-11-02 08:31:43
CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-09-04 11:26:57
prion
prion
Cross site scripting
2023-11-02 09:15:00
Cross site scripting
2023-09-04 12:15:00
nvd
nvd
CVE-2023-5606
2023-11-02 09:15:08
CVE-2023-4253
2023-09-04 12:15:10
cve
cve
CVE-2023-5606
2023-11-02 09:15:08
CVE-2023-4253
2023-09-04 12:15:10
wpvulndb
wpvulndb
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-08-08 00:00:00
wpexploit
wpexploit
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
2023-08-08 00:00:00
wordfence
wordfence
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for WPVDB-ID:2EA59637-E788-4D18-9D05-B8AD812CA236