Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting

2021-12-0600:00:00

Krzysztof Zając

wpscan.com

0.001 Low

EPSS

Percentile

43.6%

JSON

The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

PoC

http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search;=<%2Fscript><img+src+onerror%3Dalert(/XSS/)>

CPENameOperatorVersion
chatylt2.8.3
chaty-prolt2.8.2

CPE	Name	Operator	Version
	chaty	lt	2.8.3
	chaty-pro	lt	2.8.2

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for WPVDB-ID:B5035987-6227-4FC6-BC45-1E8016E5C4C0