wpvulndb, Luigi, WPVDB-ID:7D0B7476-7E11-434E-B1C7-85EA7A3B0F7E
History: Apr 09, 2018 - 12:00 a.m.

WP Live Chat Support < 8.0.06 - Unauthenticated Stored XSS

2018-04-09 00:00:00
Luigi
wpscan.com
8

EPSS: 0.002 (Low)
Percentile: 54.1%

An unauthenticated user can inject arbitrary JavaScript code into the admin panel through the “Name” text field of WP Live Chat Support. The injected code runs on the wplivechat-menu-history page. In the file wp-live-chat-support.php, $result->id is not sanitized (row 4439). WP Live Chat Support 8.0.05 is vulnerable, and earlier versions probably are too. The vulnerability is fixed in WP Live Chat Support 8.0.06.

CPE Name               Operator   Version
wp-live-chat-support   lt         8.0.06
