CVE-2023-2399
qubotchat < 1.1.6 - Unauthenticated Stored XSS
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · QuBot