Search criteria
2 vulnerabilities found for Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty by Unknown
CVE-2021-25016 (GCVE-0-2021-25016)
Vulnerability from cvelistv5 – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI?
Title
Chaty < 2.8.3 - Reflected Cross-Site Scripting
Summary
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty |
Affected:
2.8.3 , < 2.8.3
(custom)
|
|||||||
|
|||||||||
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button \u2013 Chaty",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2.8.3",
"versionType": "custom"
}
]
},
{
"product": "Floating Chat Widget Pro - Chaty Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:12",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Chaty \u003c 2.8.3 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25016",
"STATE": "PUBLIC",
"TITLE": "Chaty \u003c 2.8.3 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button \u2013 Chaty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.3",
"version_value": "2.8.3"
}
]
}
},
{
"product_name": "Floating Chat Widget Pro - Chaty Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.2",
"version_value": "2.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25016",
"datePublished": "2022-01-03T12:49:12",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25016 (GCVE-0-2021-25016)
Vulnerability from nvd – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI?
Title
Chaty < 2.8.3 - Reflected Cross-Site Scripting
Summary
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty |
Affected:
2.8.3 , < 2.8.3
(custom)
|
|||||||
|
|||||||||
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button \u2013 Chaty",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2.8.3",
"versionType": "custom"
}
]
},
{
"product": "Floating Chat Widget Pro - Chaty Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:12",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Chaty \u003c 2.8.3 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25016",
"STATE": "PUBLIC",
"TITLE": "Chaty \u003c 2.8.3 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button \u2013 Chaty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.3",
"version_value": "2.8.3"
}
]
}
},
{
"product_name": "Floating Chat Widget Pro - Chaty Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.2",
"version_value": "2.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25016",
"datePublished": "2022-01-03T12:49:12",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}