← voltar
CVE-2022-0642

JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF

EPSS 0.3%CWE-352
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 mai 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.