6.1

CVE-2023-2399

Exploit

qubotchat < 1.1.6 - Unauthenticated Stored XSS

QuBotChat <= 1.1.5 - Unauthenticated Self-Based Cross-Site Scripting

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
Mögliche Gegenmaßnahme
QuBot – Chatbot Builder with Templates: Update to version 1.1.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QudataQubot SwPlatformwordpress Version < 1.1.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt QuBot – Chatbot Builder with Templates
Version *-1.1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.387
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d
Third Party Advisory
Exploit
https://wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d/
https://www.wordfence.com/threat-intel/vulnerabilities/id/dd27aeb9-4257-4b15-8f14-8a8c89522c32
Third Party Advisory