CVE-2022-25610

Опубликовано: 25 мар. 2022

Источник: nvd

CVSS3: 3.4

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.

Ссылки

https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-unauthenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/simple-ajax-chat/#developers
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/simple-ajax-chat/wordpress-simple-ajax-chat-plugin-20220115-unauthenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/simple-ajax-chat/#developers
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:*

Версия до 20220115 (исключая)

EPSS

Процентиль: 54%

0.0031

Низкий

3.4 Low

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-c838-r8f2-9r8x

CVSS3: 6.1

github

почти 4 года назад

EPSS

Процентиль: 54%

0.0031

Низкий

3.4 Low

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79