Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
CVE-2022-3415

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Chat Bubble – Floating Chat With Contact Chat Icons, Messages, Telegram, Email, Sms, Call Me Back
Vendor: CVE Published:; 14 November 2022

Summary

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message

Affected Version(s)

Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back 2.3

References

https://wpscan.com/vulnerability/012c5b64-ef76-4539-afd8-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2022
Vulnerability Reserved
Oct 7, 2022

Credit

Juampa Rodríguez