cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0898,https://securityvulnerability.io/vulnerability/CVE-2024-0898,Floating Chat Plugin Vulnerable to Stored Cross-Site Scripting,"The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,"Chat Bubble – Floating Chat With Contact Chat Icons, Messages, Telegram, Email, Sms, Call Me Back",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:27:09.424Z,0
CVE-2022-3415,https://securityvulnerability.io/vulnerability/CVE-2022-3415,Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting,"The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message",Wordpress,"Chat Bubble – Floating Chat With Contact Chat Icons, Messages, Telegram, Email, Sms, Call Me Back",6.1,MEDIUM,0.0009399999980814755,false,,false,false,false,,false,false,2022-11-14T00:00:00.000Z,0