Lucene search
WPScanCVE-2022-3415HistoryNov 14, 2022 - 3:15 p.m.
CVE-2022-3415
2022-11-1415:15:48
CWE-79
WPScan
web.nvd.nist.gov
39
3
cve-2022-3415
wordpress plugin
stored xss
unsanitized input
unauthenticated attackers
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
45.7%
The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message
Affected configurations
Node
bluecoralchat_bubbleRange<2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bluecoral | chat_bubble | * | cpe:2.3:a:bluecoral:chat_bubble:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back",
"versions": [
{
"version": "2.3",
"status": "affected",
"lessThan": "2.3",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-11-14 15:15:00
wpexploit
wpexploit
Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
2022-10-18 00:00:00
wpvulndb
wpvulndb
Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
2022-10-18 00:00:00
nvd
nvd
CVE-2022-3415
2022-11-14 15:15:48
cvelist
cvelist
patchstack
patchstack
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
45.7%
Related for CVE-2022-3415