CVE-2021-25016
Description
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting vulnerability.
- CVSS Version 3.1
nvd
CVE ID: CVE-2021-25016
Base Score: 6.1
Base Severity: MEDIUM
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
- CVSS Version 2.0
nvd
CVE ID: CVE-2021-25016
Base Score: 4.3
Base Severity: MEDIUM
Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-25016
Reference: Project Discovery GitHub
Reference: NVD