CVE-2019-25737
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Screets | Live Chat Unlimited | 2.8.3 | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/47037
- https://screets.com/
- https://codecanyon.net/item/wordpress-live-chat-plugin/3952877
- https://www.vulncheck.com/advisories/live-chat-unlimited-stored-cross-site-scripting
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.