exploitDog

CVE-2022-0642

Опубликовано: 30 мая 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

Ссылки

https://wpscan.com/vulnerability/099cf9b4-0b3a-43c6-8ca9-7c2d50f86425
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/099cf9b4-0b3a-43c6-8ca9-7c2d50f86425
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jivochat:jivochat:*:*:*:*:*:wordpress:*:*

Версия до 1.3.5.4 (исключая)

EPSS

Процентиль: 25%

0.00084

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-v6jq-x92p-hqjx

CVSS3: 5.4

github

больше 3 лет назад

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

EPSS

Процентиль: 25%

0.00084

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-352