CVE-2019-25737

Sažetak

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.

Reference

https://codecanyon.net/item/wordpress-live-chat-plugin/3952877
https://screets.com/
https://www.exploit-db.com/exploits/47037
https://www.vulncheck.com/advisories/live-chat-unlimited-stored-cross-site-scripting

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

10-06-2026 - 02:16

Objavljeno

04-06-2026 - 14:16