Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Live_chat
(3cx)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-09 | CVE-2017-2187 | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Live_chat | 6.1 | ||
| 2018-04-09 | CVE-2018-9864 | The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | Live_chat | 6.1 | ||
| 2018-05-15 | CVE-2018-11105 | There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864. | Live_chat | 6.1 |