Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3 vulnerabilities by onWebChat

    CVE-2020-5642 (GCVE-0-2020-5642)

    Vulnerability from cvelistv5 – Published: 2020-10-15 02:20 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    onWebChat Live Chat - Live support Affected: version 3.1.0 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/onwebchat/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Live Chat - Live support",
              "vendor": "onWebChat",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.1.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T02:20:15.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/onwebchat/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Live Chat - Live support",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.1.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "onWebChat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/onwebchat/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/onwebchat/"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat",
                  "refsource": "MISC",
                  "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN92404841/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5642",
        "datePublished": "2020-10-15T02:20:15.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5642 (GCVE-0-2020-5642)

    Vulnerability from nvd – Published: 2020-10-15 02:20 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    onWebChat Live Chat - Live support Affected: version 3.1.0 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/onwebchat/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Live Chat - Live support",
              "vendor": "onWebChat",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.1.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T02:20:15.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/onwebchat/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Live Chat - Live support",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.1.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "onWebChat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/onwebchat/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/onwebchat/"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat",
                  "refsource": "MISC",
                  "url": "https://plugins.trac.wordpress.org/changeset?new=2384440%40onwebchat\u0026old=2364589%40onwebchat"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN92404841/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN92404841/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5642",
        "datePublished": "2020-10-15T02:20:15.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2020-000068

    Vulnerability from jvndb - Published: 2020-10-14 15:32 - Updated:2020-10-14 15:32
    Severity
    Summary
    WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery
    Details
    WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability (CWE-352). Yusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000068.html",
      "dc:date": "2020-10-14T15:32+09:00",
      "dcterms:issued": "2020-10-14T15:32+09:00",
      "dcterms:modified": "2020-10-14T15:32+09:00",
      "description": "WordPress Plugin \"Live Chat - Live support\" provided by onWebChat contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and coordinated on his own.\r\nAfter coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000068.html",
      "sec:cpe": {
        "#text": "cpe:/a:onwebchat:live_chat_-_live_support",
        "@product": "Live Chat - Live support",
        "@vendor": "onWebChat",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000068",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN92404841/index.html",
          "@id": "JVN#92404841",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5642",
          "@id": "CVE-2020-5642",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5642",
          "@id": "CVE-2020-5642",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "WordPress Plugin \"Live Chat - Live support\" vulnerable to cross-site request forgery"
    }