CVE-2019-25737

Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

CVSS 5.3 MEDIUMEPSS 0.2%CWE-79

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Screets · Live Chat Unlimited

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/47037unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://codecanyon.net/item/wordpress-live-chat-plugin/3952877 https://screets.com/https://www.exploit-db.com/exploits/47037 https://www.vulncheck.com/advisories/live-chat-unlimited-stored-cross-site-scripting